Diffstat (limited to 'nixpkgs/pkgs/applications/virtualization')
101 files changed, 6759 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh b/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh
new file mode 100644
index 000000000000..7cff2589abe0
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/8086tiny/builder.sh
@@ -0,0 +1,28 @@
+
+source $stdenv/setup
+
+mkdir -p ./$name $out/bin $out/share/$name $out/share/doc/$name/images
+
+cd $name
+tar xf $src
+make 8086tiny
+if [ $bios ]; then
+ cd bios_source
+ nasm -f bin bios.asm -o bios
+ cd ..
+fi
+
+install -m 755 8086tiny $out/bin
+install -m 644 fd.img $out/share/$name/8086tiny-floppy.img
+install -m 644 bios_source/bios.asm $out/share/$name/8086tiny-bios-src.asm
+install -m 644 docs/8086tiny.css $out/share/doc/$name
+install -m 644 docs/doc.html $out/share/doc/$name
+for i in docs/images/*.gif
+do
+ install -m 644 $i $out/share/doc/$name/images
+done
+if [ $bios ]; then
+ install -m 644 bios_source/bios $out/share/$name/8086tiny-bios
+else
+ install -m 644 bios $out/share/$name/8086tiny-bios
+fi
diff --git a/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix b/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix
new file mode 100644
index 000000000000..464ea053cc4f
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/8086tiny/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl
+, localBios ? true, nasm ? null
+, sdlSupport ? true, SDL ? null }:
+
+assert sdlSupport -> (SDL != null);
+
+stdenv.mkDerivation {
+
+ pname = "8086tiny";
+ version = "1.25";
+
+ src = fetchurl {
+ url ="http://www.megalith.co.uk/8086tiny/downloads/8086tiny_125.tar.bz2";
+ sha256 = "0kmq4iiwhi2grjwq43ljjk1b1f1v1x9gzrgrgq2fzfsj7m7s6ris";
+ };
+
+ buildInputs = with stdenv.lib;
+ optionals localBios [ nasm ]
+ ++ optionals sdlSupport [ SDL ];
+
+ bios = localBios;
+
+ builder = ./builder.sh;
+
+ meta = {
+ description = "An open-source 8086 emulator";
+ longDescription = ''
+ 8086tiny is a tiny, open-source (MIT), portable (little-endian hosts) Intel PC emulator, powerful enough to run DOS, Windows 3.0, Excel, MS Flight Simulator, AutoCAD, Lotus 1-2-3, and similar applications. 8086tiny emulates a "late 80's era" PC XT-type machine.
+
+ 8086tiny is based on an IOCCC 2013 winning entry. In fact that is the "unobfuscated" version :)
+ '';
+ homepage = "http://www.megalith.co.uk/8086tiny/index.html";
+ license = stdenv.lib.licenses.mit;
+ maintainers = [ stdenv.lib.maintainers.AndersonTorres ];
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
+
+# TODO: add support for a locally made BIOS
diff --git a/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix b/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix
new file mode 100644
index 000000000000..19ba8ced4973
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/OVMF/default.nix
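Review bot: `nasm` defaults to `null` while `localBios` defaults to `true`, but only the SDL pair is guarded by an `assert`; with `nasm = null` the expression still evaluates and the failure is left to builder.sh, which runs `nasm -f bin bios.asm -o bios` whenever `$bios` is set. Adding `assert localBios -> (nasm != null);` next to the SDL assert makes the mistake visible at evaluation time. The trailing `# TODO: add support for a locally made BIOS` also looks stale, since `localBios` and `bios` already wire that path up.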
@@ -0,0 +1,62 @@
+{ stdenv, lib, edk2, utillinux, nasm, iasl
+, csmSupport ? false, seabios ? null
+, secureBoot ? false
+}:
+
+assert csmSupport -> seabios != null;
+
+let
+
+ projectDscPath = if stdenv.isi686 then
+ "OvmfPkg/OvmfPkgIa32.dsc"
+ else if stdenv.isx86_64 then
+ "OvmfPkg/OvmfPkgX64.dsc"
+ else if stdenv.isAarch64 then
+ "ArmVirtPkg/ArmVirtQemu.dsc"
+ else
+ throw "Unsupported architecture";
+
+ version = lib.getVersion edk2;
+in
+
+edk2.mkDerivation projectDscPath {
+ name = "OVMF-${version}";
+
+ outputs = [ "out" "fd" ];
+
+ buildInputs = [ utillinux nasm iasl ];
+
+ hardeningDisable = [ "format" "stackprotector" "pic" "fortify" ];
+
+ buildFlags =
+ lib.optional secureBoot "-DSECURE_BOOT_ENABLE=TRUE"
+ ++ lib.optionals csmSupport [ "-D CSM_ENABLE" "-D FD_SIZE_2MB" ];
+
+ postPatch = lib.optionalString csmSupport ''
+ cp ${seabios}/Csm16.bin OvmfPkg/Csm/Csm16/Csm16.bin
+ '';
+
+ postFixup = if stdenv.isAarch64 then ''
+ mkdir -vp $fd/FV
+ mkdir -vp $fd/AAVMF
+ mv -v $out/FV/QEMU_{EFI,VARS}.fd $fd/FV
+
+ # Uses Fedora dir layout: https://src.fedoraproject.org/cgit/rpms/edk2.git/tree/edk2.spec
+ # FIXME: why is it different from Debian dir layout? https://salsa.debian.org/qemu-team/edk2/blob/debian/debian/rules
+ dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=/dev/zero bs=1M count=64
+ dd of=$fd/AAVMF/QEMU_EFI-pflash.raw if=$fd/FV/QEMU_EFI.fd conv=notrunc
+ dd of=$fd/AAVMF/vars-template-pflash.raw if=/dev/zero bs=1M count=64
+ '' else ''
+ mkdir -vp $fd/FV
+ mv -v $out/FV/OVMF{,_CODE,_VARS}.fd $fd/FV
+ '';
+
+ dontPatchELF = true;
+
+ meta = {
+ description = "Sample UEFI firmware for QEMU and KVM";
+ homepage = "https://github.com/tianocore/tianocore.github.io/wiki/OVMF";
+ license = stdenv.lib.licenses.bsd2;
+ platforms = ["x86_64-linux" "i686-linux" "aarch64-linux" "x86_64-darwin"];
+ };
+}
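Review bot: `secureBoot` only adds `-DSECURE_BOOT_ENABLE=TRUE` to `buildFlags`; nothing in this expression sets `-D SMM_REQUIRE` or enrolls keys, and `OVMF_VARS.fd` is moved to `$fd/FV` exactly as built. A guest using this output therefore presumably starts in setup mode with a variable store the guest OS can rewrite, which is weaker than the option name suggests. I would say so where the parameter is declared, e.g. `# secureBoot compiles the feature in only: no keys are enrolled and the varstore is not SMM-protected`. `hardeningDisable` also drops four flags without a stated reason; a one-line comment would help, and the same goes for `hardeningDisable = [ "format" ];` in bochs/default.nix.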
diff --git a/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix b/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix
new file mode 100644
index 000000000000..9177f2645028
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/aqemu/default.nix
@@ -0,0 +1,26 @@
+{ mkDerivation, cmake, fetchFromGitHub, libvncserver, qemu, qtbase, stdenv
+}:
+
+mkDerivation rec {
+ pname = "aqemu";
+ version = "0.9.2";
+
+ src = fetchFromGitHub {
+ owner = "tobimensch";
+ repo = "aqemu";
+ rev = "v${version}";
+ sha256 = "1h1mcw8x0jir5p39bs8ka0lcisiyi4jq61fsccgb9hsvl1i8fvk5";
+ };
+
+ nativeBuildInputs = [ cmake ];
+
+ buildInputs = [ libvncserver qtbase qemu ];
+
+ meta = with stdenv.lib; {
+ description = "A virtual machine manager GUI for qemu";
+ homepage = "https://github.com/tobimensch/aqemu";
+ license = licenses.gpl2;
+ maintainers = with maintainers; [ hrdinka ];
+ platforms = with platforms; linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/arion/default.nix b/nixpkgs/pkgs/applications/virtualization/arion/default.nix
new file mode 100644
index 000000000000..f144ec976779
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/arion/default.nix
@@ -0,0 +1,83 @@ +{ pkgs +, lib +, haskellPackages +, haskell +, runCommand +}: + +let + + /* This derivation builds the arion tool. + + It is based on the arion-compose Haskell package, but adapted and extended to + - have the correct name + - have a smaller closure size + - have functions to use Arion from inside Nix: arion.eval and arion.build + - make it self-contained by including docker-compose + */ + arion = + justStaticExecutables ( + overrideCabal + arion-compose + cabalOverrides + ); + + inherit (haskell.lib) justStaticExecutables overrideCabal; + + inherit (haskellPackages) arion-compose; + + cabalOverrides = o: { + buildTools = (o.buildTools or []) ++ [pkgs.makeWrapper]; + passthru = (o.passthru or {}) // { + inherit eval build; + }; + # Patch away the arion-compose name. Unlike the Haskell library, the program + # is called arion (arion was already taken on hackage). + pname = "arion"; + src = arion-compose.src; + + # PYTHONPATH + # + # We close off the python module search path! + # + # Accepting directories from the environment into the search path + # tends to break things. Docker Compose does not have a plugin + # system as far as I can tell, so I don't expect this to break a + # feature, but rather to make the program more robustly self- + # contained. + + postInstall = ''${o.postInstall or ""} + mkdir -p $out/libexec + mv $out/bin/arion $out/libexec + makeWrapper $out/libexec/arion $out/bin/arion \ + --unset PYTHONPATH \ + --prefix PATH : ${lib.makeBinPath [ pkgs.docker-compose ]} \ + ; + ''; + }; + + # Unpacked sources for evaluation by `eval` + srcUnpacked = runCommand "arion-src" {} + "mkdir $out; tar -C $out --strip-components=1 -xf ${arion-compose.src}"; + + /* Function for evaluating a composition + + Re-uses this Nixpkgs evaluation instead of `arion-pkgs.nix`. + + Returns the module system's `config` and `options` variables. 
+ */ + eval = args@{...}: + import (srcUnpacked + "/src/nix/eval-composition.nix") + ({ inherit pkgs; } // args); + + /* Function to derivation of the docker compose yaml file + NOTE: The output will change: https://github.com/hercules-ci/arion/issues/82 + + This function is particularly useful on CI, although the references + to image tarballs may not always be desirable. + */ + build = args@{...}: + let composition = eval args; + in composition.config.out.dockerComposeYaml; + +in arion diff --git a/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.11-glibc-2.26.patch b/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.11-glibc-2.26.patch new file mode 100644 index 000000000000..e662913574db --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/bochs/bochs-2.6.11-glibc-2.26.patch @@ -0,0 +1,13 @@ +diff -Naur bochs-2.6.10.orig/iodev/network/slirp/slirp.h bochs-2.6.10.mod/iodev/network/slirp/slirp.h +--- bochs-2.6.10.orig/iodev/network/slirp/slirp.h 2019-11-02 16:30:39.843938000 -0300 ++++ bochs-2.6.10.mod/iodev/network/slirp/slirp.h 2019-12-29 12:55:49.541630697 -0300 +@@ -44,8 +44,8 @@ + #endif + + #include <sys/types.h> +-#if defined(__OpenBSD__) || defined(__linux__) + #include <stdint.h> ++#if defined(__OpenBSD__) || defined(__linux__) + #include <sys/wait.h> + #endif + #ifdef HAVE_SYS_BITYPES_H diff --git a/nixpkgs/pkgs/applications/virtualization/bochs/default.nix b/nixpkgs/pkgs/applications/virtualization/bochs/default.nix new file mode 100644 index 000000000000..e9982d61391d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/bochs/default.nix 
@@ -0,0 +1,129 @@ +{ stdenv, fetchurl +, pkgconfig, libtool +, gtk2, libGLU, libGL, readline, libX11, libXpm +, docbook_xml_dtd_45, docbook_xsl +, sdlSupport ? true, SDL2 ? null +, termSupport ? true, ncurses ? null +, wxSupport ? true, wxGTK ? null +, wgetSupport ? false, wget ? null +, curlSupport ? false, curl ? null +}: + +assert sdlSupport -> (SDL2 != null); +assert termSupport -> (ncurses != null); +assert wxSupport -> (gtk2 != null && wxGTK != null); +assert wgetSupport -> (wget != null); +assert curlSupport -> (curl != null); + +with stdenv.lib; +stdenv.mkDerivation rec { + + pname = "bochs"; + version = "2.6.11"; + + src = fetchurl { + url = "mirror://sourceforge/project/bochs/bochs/${version}/${pname}-${version}.tar.gz"; + sha256 = "0ql8q6y1k356li1g9gbvl21448mlxphxxi6kjb2b3pxvzd0pp2b3"; + }; + + patches = [ ./bochs-2.6.11-glibc-2.26.patch ./fix-build-smp.patch ]; + + buildInputs = + [ pkgconfig libtool gtk2 libGLU libGL readline libX11 libXpm docbook_xml_dtd_45 docbook_xsl ] + ++ optionals termSupport [ ncurses ] + ++ optionals sdlSupport [ SDL2 ] + ++ optionals wxSupport [ wxGTK ] + ++ optionals wgetSupport [ wget ] + ++ optionals curlSupport [ curl ]; + + configureFlags = [ + "--with-x=yes" + "--with-x11=yes" + + "--with-rfb=no" + "--with-vncsrv=no" + "--with-svga=no" # it doesn't compile on NixOS + + # These will always be "yes" on NixOS + "--enable-ltdl-install=yes" + "--enable-readline=yes" + "--enable-all-optimizations=yes" + "--enable-logging=yes" + "--enable-xpm=yes" + + # ... whereas these, always "no"! 
+ "--enable-cpp=no" + "--enable-instrumentation=no" + + "--enable-docbook=no" # Broken - it requires docbook2html + + # Dangerous options - they are marked as "incomplete/experimental" on Bochs documentation + "--enable-3dnow=no" + "--enable-monitor-mwait=no" + "--enable-raw-serial=no" ] + # Boolean flags + ++ optionals termSupport [ "--with-term" ] + ++ optionals sdlSupport [ "--with-sdl2" ] + ++ optionals wxSupport [ "--with-wx" ] + # These are completely configurable, and they don't depend of external tools + ++ [ "--enable-cpu-level=6" # from 3 to 6 + "--enable-largefile" + "--enable-idle-hack" + "--enable-plugins=no" # Plugins are a bit buggy in Bochs + "--enable-a20-pin" + "--enable-x86-64" + "--enable-smp" + "--enable-large-ramfile" + "--enable-repeat-speedups" + "--enable-handlers-chaining" + "--enable-trace-linking" + "--enable-configurable-msrs" + "--enable-show-ips" + "--enable-debugger" #conflicts with gdb-stub option + "--enable-disasm" + "--enable-debugger-gui" + "--enable-gdb-stub=no" # conflicts with debugger option + "--enable-iodebug" + "--enable-fpu" + "--enable-svm" + "--enable-avx" + "--enable-evex" + "--enable-x86-debugger" + "--enable-pci" + "--enable-usb" + "--enable-usb-ohci" + "--enable-usb-ehci" + "--enable-usb-xhci" + "--enable-ne2000" + "--enable-pnic" + "--enable-e1000" + "--enable-clgd54xx" + "--enable-voodoo" + "--enable-cdrom" + "--enable-sb16" + "--enable-es1370" + "--enable-busmouse" ]; + + NIX_CFLAGS_COMPILE="-I${gtk2.dev}/include/gtk-2.0/ -I${libtool}/include/"; + NIX_LDFLAGS="-L${libtool.lib}/lib"; + + hardeningDisable = [ "format" ]; + + enableParallelBuilding = true; + + meta = { + description = "An open-source IA-32 (x86) PC emulator"; + longDescription = '' + Bochs is an open-source (LGPL), highly portable IA-32 PC emulator, written + in C++, that runs on most popular platforms. It includes emulation of the + Intel x86 CPU, common I/O devices, and a custom BIOS. 
+ ''; + homepage = "http://bochs.sourceforge.net/"; + license = licenses.lgpl2Plus; + maintainers = with maintainers; [ AndersonTorres ]; + platforms = platforms.unix; + }; +} +# TODO: plugins +# TODO: svga support - the Bochs sources explicitly cite /usr/include/vga.h +# TODO: a better way to organize the options diff --git a/nixpkgs/pkgs/applications/virtualization/bochs/fix-build-smp.patch b/nixpkgs/pkgs/applications/virtualization/bochs/fix-build-smp.patch new file mode 100644 index 000000000000..faa2acfa5129 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/bochs/fix-build-smp.patch @@ -0,0 +1,21 @@ +Description: A fix for SMP-enable configurations +Inspired in: https://sourceforge.net/p/bochs/code/13778/ + +============ +diff -Naur bochs-2.6.11-old/bx_debug/dbg_main.cc bochs-2.6.11-new/bx_debug/dbg_main.cc +--- bochs-2.6.11-old/bx_debug/dbg_main.cc 2019-12-20 04:57:59.818924000 -0300 ++++ bochs-2.6.11-new/bx_debug/dbg_main.cc 2020-03-30 23:20:29.402195707 -0300 +@@ -1494,11 +1494,11 @@ + { + char cpu_param_name[16]; + +- Bit32u index = BX_ITLB_INDEX_OF(laddr); ++ Bit32u index = BX_CPU(dbg_cpu)->ITLB.get_index_of(laddr); + sprintf(cpu_param_name, "ITLB.entry%d", index); + bx_dbg_show_param_command(cpu_param_name, 0); + +- index = BX_DTLB_INDEX_OF(laddr, 0); ++ index = BX_CPU(dbg_cpu)->DTLB.get_index_of(laddr); + sprintf(cpu_param_name, "DTLB.entry%d", index); + bx_dbg_show_param_command(cpu_param_name, 0); + } diff --git a/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix b/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix new file mode 100644 index 000000000000..a316952a010d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/charliecloud/default.nix 
@@ -0,0 +1,48 @@
+{ stdenv, fetchFromGitHub, python }:
+
+stdenv.mkDerivation rec {
+
+ version = "0.12";
+ pname = "charliecloud";
+
+ src = fetchFromGitHub {
+ owner = "hpc";
+ repo = "charliecloud";
+ rev = "v${version}";
+ sha256 = "177rcf1klcxsp6x9cw75cmz3y2izgd1hvi1rb9vc6iz9qx1nmk3v";
+ };
+
+ buildInputs = [ python ];
+
+ preConfigure = ''
+ substituteInPlace Makefile --replace '/bin/bash' '${stdenv.shell}'
+ patchShebangs test/
+ '';
+
+ makeFlags = [
+ "PREFIX=$(out)"
+ "LIBEXEC_DIR=lib/charliecloud"
+ ];
+
+ postInstall = ''
+ mkdir -p $out/share/charliecloud
+ mv $out/lib/charliecloud/examples $out/share/charliecloud
+ mv $out/lib/charliecloud/test $out/share/charliecloud
+ '';
+
+ meta = {
+ description = "User-defined software stacks (UDSS) for high-performance computing (HPC) centers";
+ longDescription = ''
+ Charliecloud uses Linux user namespaces to run containers with no
+ privileged operations or daemons and minimal configuration changes on
+ center resources. This simple approach avoids most security risks
+ while maintaining access to the performance and functionality already
+ on offer.
+ '';
+ homepage = "https://hpc.github.io/charliecloud";
+ license = stdenv.lib.licenses.asl20;
+ maintainers = [ stdenv.lib.maintainers.bzizou ];
+ platforms = stdenv.lib.platforms.linux;
+ };
+
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/cntr/default.nix b/nixpkgs/pkgs/applications/virtualization/cntr/default.nix
new file mode 100644
index 000000000000..e3ab1c6c2f80
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/cntr/default.nix
@@ -0,0 +1,24 @@
+{ stdenv, rustPlatform, fetchFromGitHub }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "cntr";
+ version = "1.2.1";
+
+ src = fetchFromGitHub {
+ owner = "Mic92";
+ repo = "cntr";
+ rev = version;
+ sha256 = "0dhfz7aj3cqi974ybf0axchih40rzrs9m8bxhwz1hgig57aisfc0";
+ };
+
+ cargoSha256 = "088drkpkgq8psv5j6igxyhfvvbalzg6nd98r9z0nxkawck5i2clz";
+
+ meta = with stdenv.lib; {
+ description = "A container debugging tool based on FUSE";
+ homepage = "https://github.com/Mic92/cntr";
+ license = licenses.mit;
+ # aarch64 support will be fixed soon
+ platforms = [ "x86_64-linux" ];
+ maintainers = [ maintainers.mic92 ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/conmon/default.nix b/nixpkgs/pkgs/applications/virtualization/conmon/default.nix
new file mode 100644
index 000000000000..bfe9f1d34865
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/conmon/default.nix
@@ -0,0 +1,33 @@
+{ stdenv
+, fetchFromGitHub
+, pkg-config
+, glib
+, glibc
+, systemd
+}:
+
+stdenv.mkDerivation rec {
+ pname = "conmon";
+ version = "2.0.15";
+
+ src = fetchFromGitHub {
+ owner = "containers";
+ repo = pname;
+ rev = "v${version}";
+ sha256 = "1fshcmnfqzbagzcrh5nxw7pi0dd60xpq47a2lzfghklqhl1h0b5i";
+ };
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ glib systemd ]
+ ++ stdenv.lib.optionals (!stdenv.hostPlatform.isMusl) [ glibc glibc.static ];
+
+ installFlags = [ "PREFIX=$(out)" ];
+
+ meta = with stdenv.lib; {
+ homepage = "https://github.com/containers/conmon";
+ description = "An OCI container runtime monitor";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ ] ++ teams.podman.members;
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/containerd/default.nix b/nixpkgs/pkgs/applications/virtualization/containerd/default.nix
new file mode 100644
index 000000000000..4210994f4352
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/containerd/default.nix
@@ -0,0 +1,52 @@
+{ lib, fetchFromGitHub, buildGoPackage, btrfs-progs, go-md2man, installShellFiles, utillinux }:
+
+with lib;
+
+buildGoPackage rec {
+ pname = "containerd";
+ version = "1.2.13";
+ # git commit for the above version's tag
+ commit = "7ad184331fa3e55e52b890ea95e65ba581ae3429";
+
+ src = fetchFromGitHub {
+ owner = "containerd";
+ repo = "containerd";
+ rev = "v${version}";
+ sha256 = "1rac3iak3jpz57yarxc72bxgxvravwrl0j6s6w2nxrmh2m3kxqzn";
+ };
+
+ goPackagePath = "github.com/containerd/containerd";
+ outputs = [ "out" "man" ];
+
+ nativeBuildInputs = [ go-md2man installShellFiles utillinux ];
+
+ buildInputs = [ btrfs-progs ];
+
+ buildFlags = [ "VERSION=v${version}" "REVISION=${commit}" ];
+
+ BUILDTAGS = []
+ ++ optional (btrfs-progs == null) "no_btrfs";
+
+ buildPhase = ''
+ cd go/src/${goPackagePath}
+ patchShebangs .
+ make binaries $buildFlags
+ '';
+
+ installPhase = ''
+ for b in bin/*; do
+ install -Dm555 $b $out/$b
+ done
+
+ make man
+ installManPage man/*.[1-9]
+ '';
+
+ meta = {
+ homepage = "https://containerd.io/";
+ description = "A daemon to control runC";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ offline vdemeester ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix b/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix
new file mode 100644
index 000000000000..4c3d9ffc937c
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/cri-o/default.nix
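Review bot: `commit` is a hand-copied hash that nothing ties to `rev = "v${version}"`; a version bump that forgets it still builds, and the binaries are then built with a `REVISION` that does not match the fetched source, which is misleading when a host is checked against an advisory. The existing comment could state the obligation explicitly, e.g. `# must be updated together with version; passed to make as REVISION and not verified against src`. In `installPhase`, `install -Dm555 $b $out/$b` would be more robust quoted as `install -Dm555 "$b" "$out/$b"`.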
@@ -0,0 +1,78 @@
+{ flavor ? ""
+, stdenv
+, btrfs-progs
+, buildGoPackage
+, fetchFromGitHub
+, glibc
+, gpgme
+, installShellFiles
+, libapparmor
+, libassuan
+, libgpgerror
+, libseccomp
+, libselinux
+, lvm2
+, pkg-config
+}:
+
+buildGoPackage rec {
+ pname = "cri-o";
+ version = "1.18.0";
+ name = "${pname}-${version}${flavor}";
+
+ goPackagePath = "github.com/cri-o/cri-o";
+
+ src = fetchFromGitHub {
+ owner = "cri-o";
+ repo = "cri-o";
+ rev = "v${version}";
+ sha256 = "142flmv54pj48rjqkd26fbxrcbx2cv6pdmrc33jgyvn6r99zliah";
+ };
+
+ outputs = [ "out" "man" ];
+
+ nativeBuildInputs = [ installShellFiles pkg-config ];
+
+ buildInputs = [
+ btrfs-progs
+ gpgme
+ libapparmor
+ libassuan
+ libgpgerror
+ libseccomp
+ libselinux
+ lvm2
+ ] ++ stdenv.lib.optionals (glibc != null) [ glibc glibc.static ];
+
+ BUILDTAGS = "apparmor seccomp selinux containers_image_ostree_stub";
+ buildPhase = ''
+ pushd go/src/${goPackagePath}
+
+ sed -i '/version.buildDate/d' Makefile
+
+ make binaries docs BUILDTAGS="$BUILDTAGS"
+ '';
+
+ installPhase = ''
+ install -Dm755 bin/crio $out/bin/crio${flavor}
+ install -Dm755 bin/crio-status $out/bin/crio-status${flavor}
+ install -Dm755 bin/pinns $out/bin/pinns${flavor}
+
+ for shell in bash fish zsh; do
+ installShellCompletion --$shell completions/$shell/*
+ done
+
+ installManPage docs/*.[1-9]
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://cri-o.io";
+ description = ''
+ Open Container Initiative-based implementation of the
+ Kubernetes Container Runtime Interface
+ '';
+ license = licenses.asl20;
+ maintainers = with maintainers; [ ] ++ teams.podman.members;
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff b/nixpkgs/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff
new file mode 100644
index 000000000000..f1aa50ee102c
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/crosvm/default-seccomp-policy-dir.diff
@@ -0,0 +1,15 @@
+diff --git a/src/crosvm.rs b/src/crosvm.rs
+index b7055df..5989c87 100644
+--- a/src/crosvm.rs
++++ b/src/crosvm.rs
+@@ -141,7 +141,9 @@ impl Default for Config {
+ x_display: None,
+ shared_dirs: Vec::new(),
+ sandbox: !cfg!(feature = "default-no-sandbox"),
+- seccomp_policy_dir: PathBuf::from(SECCOMP_POLICY_DIR),
++ seccomp_policy_dir: PathBuf::from(
++ option_env!("DEFAULT_SECCOMP_POLICY_DIR").unwrap_or(SECCOMP_POLICY_DIR),
++ ),
+ seccomp_log_failures: false,
+ cras_audio: false,
+ cras_capture: false,
diff --git a/nixpkgs/pkgs/applications/virtualization/crosvm/default.nix b/nixpkgs/pkgs/applications/virtualization/crosvm/default.nix
new file mode 100644
index 000000000000..38ce277bf3ff
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/crosvm/default.nix
@@ -0,0 +1,93 @@ +{ stdenv, lib, rustPlatform, fetchgit, runCommand, symlinkJoin +, pkgconfig, minijail, dtc, libusb1, libcap, linux +}: + +let + + upstreamInfo = with builtins; fromJSON (readFile ./upstream-info.json); + + arch = with stdenv.hostPlatform; + if isAarch64 then "arm" + else if isx86_64 then "x86_64" + else throw "no seccomp policy files available for host platform"; + + crosvmSrc = fetchgit { + inherit (upstreamInfo.components."chromiumos/platform/crosvm") + url rev sha256 fetchSubmodules; + }; + + adhdSrc = fetchgit { + inherit (upstreamInfo.components."chromiumos/third_party/adhd") + url rev sha256 fetchSubmodules; + }; + +in + + rustPlatform.buildRustPackage rec { + pname = "crosvm"; + inherit (upstreamInfo) version; + + unpackPhase = '' + runHook preUnpack + + mkdir -p chromiumos/platform chromiumos/third_party + + pushd chromiumos/platform + unpackFile ${crosvmSrc} + mv ${crosvmSrc.name} crosvm + popd + + pushd chromiumos/third_party + unpackFile ${adhdSrc} + mv ${adhdSrc.name} adhd + popd + + chmod -R u+w -- "$sourceRoot" + + runHook postUnpack + ''; + + sourceRoot = "chromiumos/platform/crosvm"; + + patches = [ + ./default-seccomp-policy-dir.diff + ]; + + cargoSha256 = "0lhivwvdihslwp81i3sa5q88p5hr83bzkvklrcgf6x73arwk8kdz"; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ dtc libcap libusb1 minijail ]; + + postPatch = '' + sed -i "s|/usr/share/policy/crosvm/|$out/share/policy/|g" \ + seccomp/*/*.policy + ''; + + preBuild = '' + export DEFAULT_SECCOMP_POLICY_DIR=$out/share/policy + ''; + + postInstall = '' + mkdir -p $out/share/policy/ + cp seccomp/${arch}/* $out/share/policy/ + ''; + + CROSVM_CARGO_TEST_KERNEL_BINARY = + lib.optionalString (stdenv.buildPlatform == stdenv.hostPlatform) + "${linux}/${stdenv.hostPlatform.platform.kernelTarget}"; + + passthru = { + inherit adhdSrc; + src = crosvmSrc; + updateScript = ./update.py; + }; + + meta = with lib; { + description = "A secure virtual machine monitor for KVM"; + homepage = 
"https://chromium.googlesource.com/chromiumos/platform/crosvm/"; + maintainers = with maintainers; [ qyliss ]; + license = licenses.bsd3; + platforms = [ "aarch64-linux" "x86_64-linux" ]; + }; + } diff --git a/nixpkgs/pkgs/applications/virtualization/crosvm/update.py b/nixpkgs/pkgs/applications/virtualization/crosvm/update.py new file mode 100755 index 000000000000..29e68b9f5790 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/crosvm/update.py 
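Review bot: On an AArch64 host `arch` resolves to `"arm"`, so `postInstall` copies `seccomp/arm/*` into `$out/share/policy/`, and `DEFAULT_SECCOMP_POLICY_DIR` then makes that directory the sandbox default. The upstream tree is not visible here, so I cannot tell whether that directory is the intended policy set for a 64-bit host; if it holds the 32-bit ARM syscall lists, sandboxed device processes on aarch64 would either fail to start or run under a policy written for a different syscall table. Please confirm and record the answer at the `arch` binding, e.g. `# upstream keeps the AArch64 policies under seccomp/arm`, or switch the name if an aarch64 directory exists at the pinned revision.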
@@ -0,0 +1,91 @@ +#! /usr/bin/env nix-shell +#! nix-shell -p nix-prefetch-git "python3.withPackages (ps: with ps; [ lxml ])" +#! nix-shell -i python + +import base64 +import json +import re +import subprocess +from codecs import iterdecode +from os.path import dirname, splitext +from lxml import etree +from lxml.etree import HTMLParser +from urllib.request import urlopen + +# ChromiumOS components required to build crosvm. +components = ['chromiumos/platform/crosvm', 'chromiumos/third_party/adhd'] + +git_root = 'https://chromium.googlesource.com/' +manifest_versions = f'{git_root}chromiumos/manifest-versions' +buildspecs_url = f'{manifest_versions}/+/refs/heads/master/full/buildspecs/' + +# CrOS version numbers look like this: +# [<chrome-major-version>.]<tip-build>.<branch-build>.<branch-branch-build> +# +# As far as I can tell, branches are where internal Google +# modifications are added to turn Chromium OS into Chrome OS, and +# branch branches are used for fixes for specific devices. So for +# Chromium OS they will always be 0. This is a best guess, and is not +# documented. +with urlopen('https://cros-updates-serving.appspot.com/') as resp: + document = etree.parse(resp, HTMLParser()) + # bgcolor="lightgreen" is set on the most up-to-date version for + # each channel, so find a lightgreen cell in the "Stable" column. + (platform_version, chrome_version) = document.xpath(""" + (//table[@id="cros-updates"]/tr/td[1 + count( + //table[@id="cros-updates"]/thead/tr[1]/th[text() = "Stable"] + /preceding-sibling::*) + ][@bgcolor="lightgreen"])[1]/text() + """) + +chrome_major_version = re.match(r'\d+', chrome_version)[0] +chromeos_tip_build = re.match(r'\d+', platform_version)[0] + +# Find the most recent buildspec for the stable Chrome version and +# Chromium OS build number. Its branch build and branch branch build +# numbers will (almost?) certainly be 0. 
It will then end with an rc +# number -- presumably these are release candidates, one of which +# becomes the final release. Presumably the one with the highest rc +# number. +with urlopen(f'{buildspecs_url}{chrome_major_version}/?format=TEXT') as resp: + listing = base64.decodebytes(resp.read()).decode('utf-8') + buildspecs = [(line.split('\t', 1)[1]) for line in listing.splitlines()] + buildspecs = [s for s in buildspecs if s.startswith(chromeos_tip_build)] + buildspecs.sort(reverse=True) + buildspec = splitext(buildspecs[0])[0] + +revisions = {} + +# Read the buildspec, and extract the git revisions for each component. +with urlopen(f'{buildspecs_url}{chrome_major_version}/{buildspec}.xml?format=TEXT') as resp: + xml = base64.decodebytes(resp.read()) + root = etree.fromstring(xml) + for project in root.findall('project'): + revisions[project.get('name')] = project.get('revision') + +# Initialize the data that will be output from this script. Leave the +# rc number in buildspec so nobody else is subject to the same level +# of confusion I have been. +data = {'version': f'{chrome_major_version}.{buildspec}', 'components': {}} + +# Fill in the 'components' dictionary with the output from +# nix-prefetch-git, which can be passed straight to fetchGit when +# imported by Nix. +for component in components: + argv = ['nix-prefetch-git', + '--url', git_root + component, + '--rev', revisions[component]] + + output = subprocess.check_output(argv) + data['components'][component] = json.loads(output.decode('utf-8')) + +# Find the path to crosvm's default.nix, so the srcs data can be +# written into the same directory. +argv = ['nix-instantiate', '--eval', '--json', '-A', 'crosvm.meta.position'] +position = json.loads(subprocess.check_output(argv).decode('utf-8')) +filename = re.match(r'[^:]*', position)[0] + +# Finally, write the output. +with open(dirname(filename) + '/upstream-info.json', 'w') as out: + json.dump(data, out, indent=2) + out.write('\n') 
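Review bot: `buildspecs.sort(reverse=True)` compares the file names as strings, so a name ending in `-rc2` sorts above one ending in `-rc10` and the script can pin an older release candidate than the comment above it intends; the `startswith(chromeos_tip_build)` filter is similarly loose, since a longer build number with the same leading digits would also match. A numeric key fixes the ordering: `buildspecs.sort(key=lambda s: [int(n) for n in re.findall(r'\d+', s)], reverse=True)`. The two `re.match(...)[0]` lookups raise a bare `TypeError` if the scraped page changes shape; an explicit check with a clear message would make a failed update easier to diagnose before anything is written to upstream-info.json.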
diff --git a/nixpkgs/pkgs/applications/virtualization/crosvm/upstream-info.json b/nixpkgs/pkgs/applications/virtualization/crosvm/upstream-info.json new file mode 100644 index 000000000000..bb9cc8841b4a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/crosvm/upstream-info.json @@ -0,0 +1,23 @@ +{ + "version": "81.12871.0.0-rc1", + "components": { + "chromiumos/platform/crosvm": { + "url": "https://chromium.googlesource.com/chromiumos/platform/crosvm", + "rev": "8b8c01e1ad31718932491e4aee63f56109a138e2", + "date": "2020-01-25T02:28:10+00:00", + "sha256": "1qmf1k06pwynh15c3nr9m6v90z2pkk930xniwvlvbvnazrk4rllg", + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false + }, + "chromiumos/third_party/adhd": { + "url": "https://chromium.googlesource.com/chromiumos/third_party/adhd", + "rev": "f361d5b02623274723bff251dafa1e2a2887b013", + "date": "2020-01-23T18:37:46+00:00", + "sha256": "1p8iwjwgmcgmzri03ik2jaid8l0ch0bzn6z9z64dix1hlrvrlliw", + "fetchSubmodules": false, + "deepClone": false, + "leaveDotGit": false + } + } +} diff --git a/nixpkgs/pkgs/applications/virtualization/crun/default.nix b/nixpkgs/pkgs/applications/virtualization/crun/default.nix new file mode 100644 index 000000000000..ded793449fc7 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/crun/default.nix 
@@ -0,0 +1,72 @@
+{ stdenv
+, lib
+, fetchFromGitHub
+, autoreconfHook
+, go-md2man
+, pkgconfig
+, libcap
+, libseccomp
+, python3
+, systemd
+, yajl
+}:
+
+let
+ # these tests require additional permissions
+ disabledTests = [
+ "test_capabilities.py"
+ "test_cwd.py"
+ "test_detach.py"
+ "test_exec.py"
+ "test_hooks.py"
+ "test_hostname.py"
+ "test_paths.py"
+ "test_pid.py"
+ "test_pid_file.py"
+ "test_preserve_fds.py"
+ "test_start.py"
+ "test_uid_gid.py"
+ "test_update.py"
+ "tests_libcrun_utils"
+ ];
+
+in
+stdenv.mkDerivation rec {
+ pname = "crun";
+ version = "0.13";
+
+ src = fetchFromGitHub {
+ owner = "containers";
+ repo = pname;
+ rev = version;
+ sha256 = "0c5acf916yv2zv3xjvxk1sa4h3n2wljc5hw61php7q37pbjc1ppn";
+ fetchSubmodules = true;
+ };
+
+ nativeBuildInputs = [ autoreconfHook go-md2man pkgconfig python3 ];
+
+ buildInputs = [ libcap libseccomp systemd yajl ];
+
+ enableParallelBuilding = true;
+
+ # we need this before autoreconfHook does its thing in order to initialize
+ # config.h with the correct values
+ postPatch = ''
+ echo ${version} > .tarball-version
+ echo '#define GIT_VERSION "${src.rev}"' > git-version.h
+
+ ${lib.concatMapStringsSep "\n" (e:
+ "substituteInPlace Makefile.am --replace 'tests/${e}' ''"
+ ) disabledTests}
+ '';
+
+ doCheck = true;
+
+ meta = with lib; {
+ description = "A fast and lightweight fully featured OCI runtime and C library for running containers";
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ inherit (src.meta) homepage;
+ maintainers = with maintainers; [ ] ++ teams.podman.members;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix b/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix
new file mode 100644
index 000000000000..14c5ec0a4161
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/docker-compose/default.nix
@@ -0,0 +1,49 @@ +{ stdenv, buildPythonApplication, fetchPypi, pythonOlder +, mock, pytest, nose +, pyyaml, backports_ssl_match_hostname, colorama, docopt +, dockerpty, docker, ipaddress, jsonschema, requests +, six, texttable, websocket_client, cached-property +, enum34, functools32, paramiko +}: + +buildPythonApplication rec { + version = "1.25.5"; + pname = "docker-compose"; + + src = fetchPypi { + inherit pname version; + sha256 = "1ijhg93zs3lswkljnm0rhww7gdy0g94psvsya2741prz2zcbcbks"; + }; + + # lots of networking and other fails + doCheck = false; + checkInputs = [ mock pytest nose ]; + propagatedBuildInputs = [ + pyyaml backports_ssl_match_hostname colorama dockerpty docker + ipaddress jsonschema requests six texttable websocket_client + docopt cached-property paramiko + ] ++ + stdenv.lib.optional (pythonOlder "3.4") enum34 ++ + stdenv.lib.optional (pythonOlder "3.2") functools32; + + postPatch = '' + # Remove upper bound on requires, see also + # https://github.com/docker/compose/issues/4431 + sed -i "s/, < .*',$/',/" setup.py + ''; + + postInstall = '' + install -D -m 0444 contrib/completion/bash/docker-compose \ + $out/share/bash-completion/completions/docker-compose + + install -D -m 0444 contrib/completion/zsh/_docker-compose \ + $out/share/zsh-completion/zsh/site-functions/_docker-compose + ''; + + meta = with stdenv.lib; { + homepage = "https://docs.docker.com/compose/"; + description = "Multi-container orchestration for Docker"; + license = licenses.asl20; + maintainers = with maintainers; [ Frostman ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix b/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix new file mode 100644 index 000000000000..996d52bacab2 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker-slim/default.nix 
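Review bot: The `sed` in `postPatch` strips every `< X` upper bound from `setup.py` while `doCheck = false` switches the test suite off, so nothing in this derivation verifies that the now-unbounded dependency versions work together. `checkInputs = [ mock pytest nose ]` is dead weight as long as checks are disabled. A cheap guard that needs no network would be an import check, e.g. `pythonImportsCheck = [ "compose" ];` (assuming the top-level module is named `compose`; confirm against the sdist), and the comment could say `# upper bounds removed below are therefore untested here`.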
@@ -0,0 +1,50 @@ +{ stdenv +, buildGoPackage +, fetchFromGitHub +, makeWrapper +}: + +buildGoPackage rec { + pname = "docker-slim"; + version = "1.29.0"; + + goPackagePath = "github.com/docker-slim/docker-slim"; + + src = fetchFromGitHub { + owner = "docker-slim"; + repo = "docker-slim"; + rev = version; + sha256 = "0qfjmwqxgghp9pqj4s2z71cmn8mi1l6655z6nbhh72yqaxh5a6ia"; + }; + + subPackages = [ "cmd/docker-slim" "cmd/docker-slim-sensor" ]; + + nativeBuildInputs = [ + makeWrapper + ]; + + buildFlagsArray = [ + ''-ldflags= + -s -w -X ${goPackagePath}/pkg/version.appVersionTag=${version} + -X ${goPackagePath}/pkg/version.appVersionRev=${src.rev} + '' + ]; + + # docker-slim tries to create its state dir next to the binary (inside the nix + # store), so we set it to use the working directory at the time of invocation + postInstall = '' + wrapProgram "$out/bin/docker-slim" --add-flags '--state-path "$(pwd)"' + ''; + + meta = with stdenv.lib; { + description = "Minify and secure Docker containers"; + homepage = "https://dockersl.im/"; + license = licenses.asl20; + maintainers = with maintainers; [ filalex77 marsam mbrgm ]; + # internal/app/sensor/monitors/ptrace/monitor.go:151:16: undefined: + # system.CallNumber + # internal/app/sensor/monitors/ptrace/monitor.go:161:15: undefined: + # system.CallReturnValue + badPlatforms = [ "aarch64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/default.nix b/nixpkgs/pkgs/applications/virtualization/docker/default.nix new file mode 100644 index 000000000000..f7c49526fb1f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/default.nix 
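Review bot: The wrapper in `postInstall` makes docker-slim create its state directory in whatever directory the caller happens to be in (`--state-path "$(pwd)"`), which may be a shared or world-writable location. The comment explains why the default next to the binary cannot be used, but not this side effect, and what ends up in the state directory is not visible from this file. I would at least extend the comment with `# note: state is created in the caller's current directory; avoid invoking from shared directories such as /tmp`, and consider pointing the flag at a per-user directory instead.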
@@ -0,0 +1,210 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, removeReferencesTo, installShellFiles, pkgconfig +, go-md2man, go, containerd, runc, docker-proxy, tini, libtool +, sqlite, iproute, lvm2, systemd +, btrfs-progs, iptables, e2fsprogs, xz, utillinux, xfsprogs, git +, procps, libseccomp +}: + +with lib; + +rec { + dockerGen = { + version, rev, sha256 + , runcRev, runcSha256 + , containerdRev, containerdSha256 + , tiniRev, tiniSha256 + } : + let + docker-runc = runc.overrideAttrs (oldAttrs: { + name = "docker-runc-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = runcRev; + sha256 = runcSha256; + }; + # docker/runc already include these patches / are not applicable + patches = []; + }); + + docker-containerd = containerd.overrideAttrs (oldAttrs: { + name = "docker-containerd-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "docker"; + repo = "containerd"; + rev = containerdRev; + sha256 = containerdSha256; + }; + }); + + docker-tini = tini.overrideAttrs (oldAttrs: { + name = "docker-init-${version}"; + inherit version; + src = fetchFromGitHub { + owner = "krallin"; + repo = "tini"; + rev = tiniRev; + sha256 = tiniSha256; + }; + + # Do not remove static from make files as we want a static binary + patchPhase = '' + ''; + + NIX_CFLAGS_COMPILE = "-DMINIMAL=ON"; + }); + in + stdenv.mkDerivation ((optionalAttrs (stdenv.isLinux) { + + inherit docker-runc docker-containerd docker-proxy docker-tini; + + DOCKER_BUILDTAGS = [] + ++ optional (systemd != null) [ "journald" ] + ++ optional (btrfs-progs == null) "exclude_graphdriver_btrfs" + ++ optional (lvm2 == null) "exclude_graphdriver_devicemapper" + ++ optional (libseccomp != null) "seccomp"; + + }) // { + inherit version rev; + + name = "docker-${version}"; + + src = fetchFromGitHub { + owner = "docker"; + repo = "docker-ce"; + rev = "v${version}"; + sha256 = sha256; + }; + + nativeBuildInputs = [ installShellFiles pkgconfig ]; + 
buildInputs = [ + makeWrapper removeReferencesTo go-md2man go libtool + ] ++ optionals (stdenv.isLinux) [ + sqlite lvm2 btrfs-progs systemd libseccomp + ]; + + dontStrip = true; + + buildPhase = '' + export GOCACHE="$TMPDIR/go-cache" + '' + (optionalString (stdenv.isLinux) '' + # build engine + cd ./components/engine + export AUTO_GOPATH=1 + export DOCKER_GITCOMMIT="${rev}" + export VERSION="${version}" + ./hack/make.sh dynbinary + cd - + '') + '' + # build cli + cd ./components/cli + # Mimic AUTO_GOPATH + mkdir -p .gopath/src/github.com/docker/ + ln -sf $PWD .gopath/src/github.com/docker/cli + export GOPATH="$PWD/.gopath:$GOPATH" + export GITCOMMIT="${rev}" + export VERSION="${version}" + source ./scripts/build/.variables + export CGO_ENABLED=1 + go build -tags pkcs11 --ldflags "$LDFLAGS" github.com/docker/cli/cmd/docker + cd - + ''; + + # systemd 230 no longer has libsystemd-journal as a separate entity from libsystemd + patchPhase = '' + substituteInPlace ./components/cli/scripts/build/.variables --replace "set -eu" "" + '' + optionalString (stdenv.isLinux) '' + patchShebangs . 
+ substituteInPlace ./components/engine/hack/make.sh --replace libsystemd-journal libsystemd + substituteInPlace ./components/engine/daemon/logger/journald/read.go --replace libsystemd-journal libsystemd + ''; + + outputs = ["out" "man"]; + + extraPath = optionals (stdenv.isLinux) (makeBinPath [ iproute iptables e2fsprogs xz xfsprogs procps utillinux git ]); + + installPhase = optionalString (stdenv.isLinux) '' + install -Dm755 ./components/engine/bundles/dynbinary-daemon/dockerd $out/libexec/docker/dockerd + + makeWrapper $out/libexec/docker/dockerd $out/bin/dockerd \ + --prefix PATH : "$out/libexec/docker:$extraPath" + + # docker uses containerd now + ln -s ${docker-containerd}/bin/containerd $out/libexec/docker/containerd + ln -s ${docker-containerd}/bin/containerd-shim $out/libexec/docker/containerd-shim + ln -s ${docker-runc}/bin/runc $out/libexec/docker/runc + ln -s ${docker-proxy}/bin/docker-proxy $out/libexec/docker/docker-proxy + ln -s ${docker-tini}/bin/tini-static $out/libexec/docker/docker-init + + # systemd + install -Dm644 ./components/engine/contrib/init/systemd/docker.service $out/etc/systemd/system/docker.service + '' + '' + install -Dm755 ./components/cli/docker $out/libexec/docker/docker + + makeWrapper $out/libexec/docker/docker $out/bin/docker \ + --prefix PATH : "$out/libexec/docker:$extraPath" + + # completion (cli) + installShellCompletion --bash ./components/cli/contrib/completion/bash/docker + installShellCompletion --fish ./components/cli/contrib/completion/fish/docker.fish + installShellCompletion --zsh ./components/cli/contrib/completion/zsh/_docker + + # Include contributed man pages (cli) + # Generate man pages from cobra commands + echo "Generate man pages from cobra" + cd ./components/cli + mkdir -p ./man/man1 + go build -o ./gen-manpages github.com/docker/cli/man + ./gen-manpages --root . 
--target ./man/man1 + + # Generate legacy pages from markdown + echo "Generate legacy manpages" + ./man/md2man-all.sh -q + + installManPage man/*/*.[1-9] + ''; + + preFixup = '' + find $out -type f -exec remove-references-to -t ${go} -t ${stdenv.cc.cc} '{}' + + '' + optionalString (stdenv.isLinux) '' + find $out -type f -exec remove-references-to -t ${stdenv.glibc.dev} '{}' + + ''; + + meta = { + homepage = "https://www.docker.com/"; + description = "An open source project to pack, ship and run any application as a lightweight container"; + license = licenses.asl20; + maintainers = with maintainers; [ nequissimus offline tailhook vdemeester periklis ]; + platforms = with platforms; linux ++ darwin; + }; + }); + + # Get revisions from + # https://github.com/docker/docker-ce/tree/${version}/components/engine/hack/dockerfile/install/* + + docker_18_09 = makeOverridable dockerGen { + version = "18.09.9"; + rev = "039a7df9ba8097dd987370782fcdd6ea79b26016"; + sha256 = "0wqhjx9qs96q2jd091wffn3cyv2aslqn2cvpdpgljk8yr9s0yg7h"; + runcRev = "3e425f80a8c931f88e6d94a8c831b9d5aa481657"; + runcSha256 = "18psc830b2rkwml1x6vxngam5b5wi3pj14mw817rshpzy87prspj"; + containerdRev = "894b81a4b802e4eb2a91d1ce216b8817763c29fb"; + containerdSha256 = "0sp5mn5wd3xma4svm6hf67hyhiixzkzz6ijhyjkwdrc4alk81357"; + tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662"; + tiniSha256 = "1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; + }; + + docker_19_03 = makeOverridable dockerGen { + version = "19.03.8"; + rev = "afacb8b7f0d8d4f9d2a8e8736e9c993e672b41f3"; + sha256 = "15iq16rlnkw78lvapcfpbnsnxhdjbvfvgzg3xzxhpdg1dmq40b6j"; + runcRev = "dc9208a3303feef5b3839f4323d9beb36df0a9dd"; # v1.0.0-rc10 + runcSha256 = "0pi3rvj585997m4z9ljkxz2z9yxf9p2jr0pmqbqrc7bc95f5hagk"; + containerdRev = "7ad184331fa3e55e52b890ea95e65ba581ae3429"; # v1.2.13 + containerdSha256 = "1rac3iak3jpz57yarxc72bxgxvravwrl0j6s6w2nxrmh2m3kxqzn"; + tiniRev = "fec3683b971d9c3ef73f284f176672c44b448662"; # v0.18.0 + tiniSha256 = 
"1h20i3wwlbd8x4jr2gz68hgklh0lb0jj7y5xk1wvr8y58fip1rdn"; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix new file mode 100644 index 000000000000..a408d20f3ba0 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/distribution.nix @@ -0,0 +1,23 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + pname = "distribution"; + version = "2.7.1"; + rev = "v${version}"; + + goPackagePath = "github.com/docker/distribution"; + + src = fetchFromGitHub { + owner = "docker"; + repo = "distribution"; + inherit rev; + sha256 = "1nx8b5a68rn81alp8wkkw6qd5v32mgf0fk23mxm60zdf63qk1nzw"; + }; + + meta = with stdenv.lib; { + description = "The Docker toolset to pack, ship, store, and deliver content"; + license = licenses.asl20; + maintainers = [ maintainers.globin ]; + platforms = platforms.unix; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/gc.nix b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix new file mode 100644 index 000000000000..08cfba59918f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/gc.nix 
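Review bot: In `DOCKER_BUILDTAGS` the journald entry passes a list to `optional` (`optional (systemd != null) [ "journald" ]`), which yields a nested list, while the three neighbouring entries pass plain strings; it should read `++ optional (systemd != null) "journald"`. It presumably works today only because the value is flattened when the attribute is turned into an environment variable. The same block adds the `seccomp` tag only when `libseccomp != null`, so an override that nulls that input silently produces a daemon built without seccomp support; a comment such as `# overriding libseccomp to null builds dockerd without seccomp filtering` would make that trade-off visible to whoever writes the override.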
@@ -0,0 +1,33 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, docker, coreutils, procps, gnused, findutils, gnugrep }: + +with lib; + +stdenv.mkDerivation rec { + name = "docker-gc-${rev}"; + rev = "b0cc52aa3da2e2ac0080794e0be6e674b1f063fc"; + + src = fetchFromGitHub { + inherit rev; + owner = "spotify"; + repo = "docker-gc"; + sha256 = "07wf9yn0f771xkm3x12946x5rp83hxjkd70xgfgy35zvj27wskzm"; + }; + + buildInputs = [ makeWrapper ]; + + installPhase = '' + mkdir -p $out/bin + cp docker-gc $out/bin + chmod +x $out/bin/docker-gc + wrapProgram $out/bin/docker-gc \ + --prefix PATH : "${stdenv.lib.makeBinPath [ docker coreutils procps gnused findutils gnugrep ]}" + ''; + + meta = { + description = "Docker garbage collection of containers and images"; + license = licenses.asl20; + homepage = "https://github.com/spotify/docker-gc"; + maintainers = with maintainers; [offline]; + platforms = docker.meta.platforms; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix new file mode 100644 index 000000000000..cb3518d7d3da --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/docker/proxy.nix @@ -0,0 +1,29 @@ +{ stdenv, buildGoPackage, fetchFromGitHub }: + +buildGoPackage rec { + name = "docker-proxy-${rev}"; + rev = "7b2b1feb1de4817d522cc372af149ff48d25028e"; + + src = fetchFromGitHub { + inherit rev; + owner = "docker"; + repo = "libnetwork"; + sha256 = "1ng577k11cyv207bp0vaz5jjfcn2igd6w95zn4izcq1nldzp5935"; + }; + + goPackagePath = "github.com/docker/libnetwork"; + + goDeps = null; + + installPhase = '' + install -m755 -D ./go/bin/proxy $out/bin/docker-proxy + ''; + + meta = with stdenv.lib; { + description = "Docker proxy binary to forward traffic between host and containers"; + license = licenses.asl20; + homepage = "https://github.com/docker/libnetwork"; + maintainers = with maintainers; [vdemeester]; + platforms = platforms.linux; + }; +} 
diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix new file mode 100644 index 000000000000..faa1076e2998 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-pvdrivers/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchgit }: + +stdenv.mkDerivation { + name = "win-pvdrivers-git-20150701"; + version = "20150701"; + + src = fetchgit { + url = "https://github.com/ts468/win-pvdrivers"; + rev = "3054d645fc3ee182bea3e97ff01869f01cc3637a"; + sha256 = "6232ca2b7c9af874abbcb9262faf2c74c819727ed2eb64599c790879df535106"; + }; + + buildPhase = + let unpack = x: "tar xf $src/${x}.tar; mkdir -p x86/${x} amd64/${x}; cp ${x}/x86/* x86/${x}/.; cp ${x}/x64/* amd64/${x}/."; + in stdenv.lib.concatStringsSep "\n" (map unpack ["xenbus" "xeniface" "xenvif" "xennet" "xenvbd"]); + + installPhase = '' + mkdir -p $out + cp -r x86 $out/. + cp -r amd64 $out/. + ''; + + meta = with stdenv.lib; { + description = "Xen Subproject: Windows PV Driver"; + homepage = "http://xenproject.org/downloads/windows-pv-drivers.html"; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.bsd3; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix new file mode 100644 index 000000000000..97a1f0b3039b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-qemu/default.nix 
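Review bot: `src` pulls prebuilt driver tarballs (`tar xf $src/${x}.tar` in `buildPhase`) from the `ts468/win-pvdrivers` GitHub repository while `meta.homepage` points at xenproject.org, so the provenance of these kernel-mode binaries is not evident from the expression. The pinned `rev` and `sha256` fix the content but say nothing about where it originally came from or how it was built. I would add a comment above `src` along the lines of `# prebuilt binaries mirrored from <upstream release URL>; not built from source`, with the placeholder replaced by the actual origin.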
@@ -0,0 +1,38 @@ +{ stdenv, fetchurl, p7zip }: + +stdenv.mkDerivation { + name = "win-qemu-0.1.105-1"; + version = "0.1.105-1"; + + phases = [ "buildPhase" "installPhase" ]; + + src = fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.105-1/virtio-win.iso"; + sha256 = "065gz7s77y0q9kfqbr27451sr28rm9azpi88sqjkfph8c6r8q3wc"; + }; + + buildPhase = '' + ${p7zip}/bin/7z x $src + ''; + + installPhase = + let + copy_pvpanic = arch: version: "mkdir -p $out/${arch}/qemupanic; cp pvpanic/${version}/${arch}/* $out/${arch}/qemupanic/. \n"; + copy_pciserial = arch: "mkdir -p $out/${arch}/qemupciserial; cp qemupciserial/* $out/${arch}/qemupciserial/. \n"; + copy_agent = arch: '' + mkdir -p $out/${arch}/qemuagent + cp guest-agent/${if arch=="x86" then "qemu-ga-x86.msi" else "qemu-ga-x64.msi"} $out/${arch}/qemuagent/qemu-guest-agent.msi + (cd $out/${arch}/qemuagent; ${p7zip}/bin/7z x qemu-guest-agent.msi; rm qemu-guest-agent.msi) + ''; + copy = arch: version: (copy_pvpanic arch version) + (copy_pciserial arch) + (copy_agent arch); + in + (copy "amd64" "w8.1") + (copy "x86" "w8.1"); + + meta = with stdenv.lib; { + description = "Windows QEMU Drivers"; + homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers"; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix new file mode 100644 index 000000000000..c4684a20914f --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-signed-gplpv-drivers/default.nix 
@@ -0,0 +1,46 @@ +{ stdenv, fetchurl, p7zip }: + +let + src_x86 = fetchurl { + url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x32_signed_0.11.0.373.msi"; + sha256 = "04r11xw8ikjmcdhrsk878c86g0d0pvras5arsas3zs6dhgjykqap"; + }; + + src_amd64 = fetchurl { + url = "http://apt.univention.de/download/addons/gplpv-drivers/gplpv_Vista2008x64_signed_0.11.0.373.msi"; + sha256 = "00k628mg9b039p8lmg2l9n81dr15svy70p3m6xmq6f0frmci38ph"; + }; +in + +stdenv.mkDerivation { + name = "gplpv-0.11.0.373"; + version = "0.11.0.373"; + + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + mkdir -p x86 + (cd x86; ${p7zip}/bin/7z e ${src_x86}) + mkdir -p amd64 + (cd amd64; ${p7zip}/bin/7z e ${src_amd64}) + ''; + + installPhase = '' + mkdir -p $out/x86 $out/amd64 + cp x86/* $out/x86/. + cp amd64/* $out/amd64/. + ''; + + meta = with stdenv.lib; { + description = '' + A collection of open source Window PV drivers that allow + Windows to be para-virtualized. + The drivers are signed by Univention with a Software Publishers + Certificate obtained from the VeriSign CA. + ''; + homepage = "http://wiki.univention.de/index.php?title=Installing-signed-GPLPV-drivers"; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix new file mode 100644 index 000000000000..f327512b128e --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-spice/default.nix 
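Review bot: Both `fetchurl` calls download the MSI installers over plain `http://` (`apt.univention.de`), and `hercules/default.nix` further down does the same for its source tarball. The `sha256` pins stop a tampered download from being accepted later, but the hash is usually taken from a first download over that same channel, so it is only as trustworthy as that fetch was. If the hosts serve TLS, switch the URLs to `https://`; otherwise a comment like `# upstream offers no https; hash checked against <independent source>` records how the pin was verified. The description says the drivers are signed by Univention, yet nothing in the build checks that signature, so the claim rests on the pinned hash alone.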
@@ -0,0 +1,70 @@ +{ stdenv, fetchurl, p7zip, win-virtio }: + +let + src_usbdk_x86 = fetchurl { + url = "https://www.spice-space.org/download/windows/usbdk/UsbDk_1.0.4_x86.msi"; + sha256 = "17hv8034wk1xqnanm5jxs4741nl7asps1fdz6lhnrpp6gvj6yg9y"; + }; + + src_usbdk_amd64 = fetchurl { + url = "https://www.spice-space.org/download/windows/usbdk/UsbDk_1.0.4_x64.msi"; + sha256 = "0alcqsivp33pm8sy0lmkvq7m5yh6mmcmxdl39zjxjra67kw8r2sd"; + }; + + src_qxlwddm = fetchurl { + url = "https://people.redhat.com/~vrozenfe/qxlwddm/qxlwddm-0.11.zip"; + sha256 = "082zdpbh9i3bq2ds8g33rcbcw390jsm7cqf46rrlx02x8r03dm98"; + }; + + src_vdagent_x86 = fetchurl { + url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-0.7.3/vdagent_0_7_3_x86.zip"; + sha256 = "0d928g49rf4dl79jmvnqh6g864hp1flw1f0384sfp82himm3bxjs"; + }; + + src_vdagent_amd64 = fetchurl { + url = "https://www.spice-space.org/download/windows/vdagent/vdagent-win-0.7.3/vdagent_0_7_3_x64.zip"; + sha256 = "0djmvm66jcmcyhhbjppccbai45nqpva7vyvry6w8nyc0fwi1vm9l"; + }; +in + +stdenv.mkDerivation { + # use version number of qxlwddm as qxlwddm is the most important component + name = "win-spice-0.11"; + version = "0.11"; + + phases = [ "buildPhase" "installPhase" ]; + + buildPhase = '' + mkdir -p usbdk/x86 usbdk/amd64 + (cd usbdk/x86; ${p7zip}/bin/7z x ${src_usbdk_x86}) + (cd usbdk/amd64; ${p7zip}/bin/7z x ${src_usbdk_amd64}) + + mkdir -p vdagent/x86 vdagent/amd64 + (cd vdagent/x86; ${p7zip}/bin/7z x ${src_vdagent_x86}; mv vdagent_0_7_3_x86/* .; rm -r vdagent_0_7_3_x86) + (cd vdagent/amd64; ${p7zip}/bin/7z x ${src_vdagent_amd64}; mv vdagent_0_7_3_x64/* .; rm -r vdagent_0_7_3_x64) + + mkdir -p qxlwddm + (cd qxlwddm; ${p7zip}/bin/7z x ${src_qxlwddm}; mv Win8 w8.1; cd w8.1; mv x64 amd64) + ''; + + installPhase = + let + copy_qxl = arch: version: "mkdir -p $out/${arch}/qxl; cp qxlwddm/${version}/${arch}/* $out/${arch}/qxl/. \n"; + copy_usbdk = arch: "mkdir -p $out/${arch}/usbdk; cp usbdk/${arch}/* $out/${arch}/usbdk/. 
\n"; + copy_vdagent = arch: "mkdir -p $out/${arch}/vdagent; cp vdagent/${arch}/* $out/${arch}/vdagent/. \n"; + # SPICE needs vioserial + # TODO: Link windows version in win-spice (here) to version used in win-virtio. + # That way it would never matter whether vioserial is installed from win-virtio or win-spice. + copy_vioserial = arch: "mkdir -p $out/${arch}/vioserial; cp ${win-virtio}/${arch}/vioserial/* $out/${arch}/vioserial/. \n"; + copy = arch: version: (copy_qxl arch version) + (copy_usbdk arch) + (copy_vdagent arch) + (copy_vioserial arch); + in + (copy "amd64" "w8.1") + (copy "x86" "w8.1"); + + meta = with stdenv.lib; { + description = "Windows SPICE Drivers"; + homepage = "https://www.spice-space.org/"; + license = [ licenses.asl20 ]; # See https://github.com/vrozenfe/qxl-dod + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix b/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix new file mode 100644 index 000000000000..f8a52f5b898d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/driver/win-virtio/default.nix 
@@ -0,0 +1,36 @@ +{ stdenv, fetchurl, p7zip }: +stdenv.mkDerivation rec { + pname = "win-virtio"; + version = "0.1.141-1"; + + phases = [ "buildPhase" "installPhase" ]; + + src = fetchurl { + url = "https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-${version}/virtio-win.iso"; + sha256 = "0mn5gcgb9dk59nrw9scdza628yiji4vdkxmixikn9v02kgwnkja3"; + }; + + buildPhase = '' + ${p7zip}/bin/7z x $src + ''; + + installPhase = + let + copy = arch: version: {input, output}: "mkdir -p $out/${arch}/${output}; cp ${input}/${version}/${arch}/* $out/${arch}/${output}/."; + virtio = [{input="Balloon"; output="vioballoon";} + {input="NetKVM"; output="vionet";} + {input="vioscsi"; output="vioscsi";} + {input="vioserial"; output="vioserial";} + {input="viostor"; output="viostor";} + {input="viorng"; output="viorng";} + ]; + in + stdenv.lib.concatStringsSep "\n" ((map (copy "amd64" "w8.1") virtio) ++ (map (copy "x86" "w8.1") virtio)); + + meta = with stdenv.lib; { + description = "Windows VirtIO Drivers"; + homepage = "https://fedoraproject.org/wiki/Windows_Virtio_Drivers"; + maintainers = [ maintainers.tstrobel ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix b/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix new file mode 100644 index 000000000000..c7be90222c2e --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/dumb-init/default.nix 
@@ -0,0 +1,31 @@ +{ stdenv, fetchFromGitHub, glibc }: + +stdenv.mkDerivation rec { + pname = "dumb-init"; + version = "1.2.2"; + + src = fetchFromGitHub { + owner = "Yelp"; + repo = pname; + rev = "v${version}"; + sha256 = "15hgl8rz5dmrl5gx21sq5269l1hq539qn68xghjx0bv9hgbx0g20"; + }; + + buildInputs = [ glibc.static ]; + + installPhase = '' + runHook preInstall + + install -Dm755 -t $out/bin dumb-init + + runHook postInstall + ''; + + meta = with stdenv.lib; { + description = "A minimal init system for Linux containers"; + homepage = "https://github.com/Yelp/dumb-init"; + license = licenses.mit; + maintainers = [ maintainers.marsam ]; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix b/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix new file mode 100644 index 000000000000..6f35257b50fd --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/dynamips/default.nix @@ -0,0 +1,30 @@ +{ stdenv, fetchFromGitHub, cmake, libelf, libpcap }: + +stdenv.mkDerivation rec { + pname = "dynamips"; + version = "0.2.21"; + + src = fetchFromGitHub { + owner = "GNS3"; + repo = pname; + rev = "v${version}"; + sha256 = "0pvdqs6kjz0x0wqb5f1k3r25dg82wssm7wz4psm0m6bxsvf5l0i5"; + }; + + nativeBuildInputs = [ cmake ]; + buildInputs = [ libelf libpcap ]; + + cmakeFlags = [ "-DDYNAMIPS_CODE=stable" ]; + + meta = with stdenv.lib; { + description = "A Cisco router emulator"; + longDescription = '' + Dynamips is an emulator computer program that was written to emulate Cisco + routers. + ''; + inherit (src.meta) homepage; + license = licenses.gpl2Plus; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix b/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix new file mode 100644 index 000000000000..691c74301e39 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/ecs-agent/default.nix 
@@ -0,0 +1,25 @@ +{ stdenv, fetchFromGitHub, buildGoPackage }: + +buildGoPackage rec { + pname = "amazon-ecs-agent"; + version = "1.18.0"; + + goPackagePath = "github.com/aws/${pname}"; + subPackages = [ "agent" ]; + + src = fetchFromGitHub { + rev = "v${version}"; + owner = "aws"; + repo = pname; + sha256 = "1l6c2if6wpjmq2hh6k818w38s1rsbwgd6igqy948dwcrb1g1mixr"; + }; + + meta = with stdenv.lib; { + description = "The agent that runs on AWS EC2 container instances and starts containers on behalf of Amazon ECS"; + homepage = "https://github.com/aws/amazon-ecs-agent"; + license = licenses.asl20; + platforms = platforms.unix; + maintainers = with maintainers; [ copumpkin ]; + }; +} + diff --git a/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix b/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix new file mode 100644 index 000000000000..79d1b606bcba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/firecracker/default.nix 
@@ -0,0 +1,61 @@ +{ fetchurl, stdenv }: + +let + version = "0.21.1"; + + suffix = { + x86_64-linux = "x86_64"; + aarch64-linux = "aarch64"; + }."${stdenv.hostPlatform.system}" or (throw "Unsupported system: ${stdenv.hostPlatform.system}"); + + baseurl = "https://github.com/firecracker-microvm/firecracker/releases/download"; + fetchbin = name: sha256: fetchurl { + url = "${baseurl}/v${version}/${name}-v${version}-${suffix}"; + sha256 = sha256."${stdenv.hostPlatform.system}"; + }; + + firecracker-bin = fetchbin "firecracker" { + x86_64-linux = "0g4fja3bz1fsyz8vj99199yblkn46ygf33ldwd1ssw8f957vbwnb"; + aarch64-linux = "1qyppcxnh7f42fs4px5rvkk6lza57h2sq9naskvqn5zy4vsvq89s"; + }; + + jailer-bin = fetchbin "jailer" { + x86_64-linux = "0x89pfmqci9d3i9fi9b9zm94yr2v7pq7kp3drlb952jkdfj0njyk"; + aarch64-linux = "03fx9sk88jm23wqm8fraqd1ccfhbqvc310mkfv1f5p2ykhq2ahrk"; + }; + +in +stdenv.mkDerivation { + pname = "firecracker"; + inherit version; + srcs = [ firecracker-bin jailer-bin ]; + + unpackPhase = ":"; + configurePhase = ":"; + + buildPhase = '' + cp ${firecracker-bin} firecracker + cp ${jailer-bin} jailer + chmod +x firecracker jailer + ''; + + doCheck = true; + checkPhase = '' + ./firecracker --version + ./jailer --version + ''; + + installPhase = '' + mkdir -p $out/bin + install -D firecracker $out/bin/firecracker + install -D jailer $out/bin/jailer + ''; + + meta = with stdenv.lib; { + description = "Secure, fast, minimal micro-container virtualization"; + homepage = "http://firecracker-microvm.io"; + license = licenses.asl20; + platforms = [ "x86_64-linux" "aarch64-linux" ]; + maintainers = with maintainers; [ thoughtpolice ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/firectl/default.nix b/nixpkgs/pkgs/applications/virtualization/firectl/default.nix new file mode 100644 index 000000000000..f91cc6d5ed3e --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/firectl/default.nix 
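Review bot: This derivation installs upstream's prebuilt `firecracker` and `jailer` release binaries instead of building them, and neither `meta` nor a comment says so; for a VMM and its jailer that is worth stating explicitly. I would add a comment above `fetchbin` such as `# prebuilt release binaries from GitHub, pinned by hash; not built from source`. `checkPhase` executes the downloaded binaries (`./firecracker --version`), which only works if they run unpatched inside the sandbox — presumably they are statically linked, which should be confirmed and noted. `meta.homepage` uses `http://`; prefer `https://` if the site serves it.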
@@ -0,0 +1,23 @@ +{ stdenv, buildGoModule, fetchFromGitHub }: + +buildGoModule rec { + pname = "firectl"; + version = "0.1.0"; + + src = fetchFromGitHub { + owner = "firecracker-microvm"; + repo = pname; + rev = "v${version}"; + sha256 = "1ni3yx4rjhrkqk2038c6hkb2jwsdj2llx233wd5wgpvb6c57652p"; + }; + + modSha256 = "1nqjz1afklcxc3xcpmygjdh3lfxjk6zvmghr8z8fr3nw2wvw2ddr"; + + meta = with stdenv.lib; { + description = "A command-line tool to run Firecracker microVMs"; + homepage = "https://github.com/firecracker-microvm/firectl"; + license = licenses.asl20; + platforms = platforms.linux; + maintainers = with maintainers; [ xrelkd ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix b/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix new file mode 100644 index 000000000000..702aeaded3e9 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/gvisor/containerd-shim.nix @@ -0,0 +1,36 @@ +{ lib, fetchFromGitHub, buildGoModule }: + +buildGoModule rec { + name = "gvisor-containerd-shim-${version}"; + version = "2019-10-09"; + + src = fetchFromGitHub { + owner = "google"; + repo = "gvisor-containerd-shim"; + rev = "f299b553afdd8455a0057862004061ea12e660f5"; + sha256 = "077bhrmjrpcxv1z020yxhx2c4asn66j21gxlpa6hz0av3lfck9lm"; + }; + + modSha256 = "1jdhgbrn59ahnabwnig99i21f6kimmqx9f3dg10ffwfs3dx0gzlg"; + + buildPhase = '' + make + ''; + + doCheck = true; + checkPhase = '' + make test + ''; + + installPhase = '' + make install DESTDIR="$out" + ''; + + meta = with lib; { + description = "containerd shim for gVisor"; + homepage = "https://github.com/google/gvisor-containerd-shim"; + license = licenses.asl20; + maintainers = with maintainers; [ andrew-d ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix b/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix new file mode 100644 index 000000000000..e157ca825af0 --- /dev/null 
+++ b/nixpkgs/pkgs/applications/virtualization/gvisor/default.nix 
@@ -0,0 +1,101 @@ +{ stdenv +, buildBazelPackage +, fetchFromGitHub +, cacert +, git +, glibcLocales +, go +, iproute +, iptables +, makeWrapper +, procps +, python3 +}: + +let + preBuild = '' + patchShebangs . + + # Tell rules_go to use the Go binary found in the PATH + sed -E -i \ + -e 's|go_version\s*=\s*"[^"]+",|go_version = "host",|g' \ + WORKSPACE + + # The gazelle Go tooling needs CA certs + export SSL_CERT_FILE="${cacert}/etc/ssl/certs/ca-bundle.crt" + + # If we don't reset our GOPATH, the rules_go stdlib builder tries to + # install something into it. Ideally that wouldn't happen, but for now we + # can also get around it by unsetting GOPATH entirely, since rules_go + # doesn't need it. + export GOPATH= + ''; + +in buildBazelPackage rec { + name = "gvisor-${version}"; + version = "2019-11-14"; + + src = fetchFromGitHub { + owner = "google"; + repo = "gvisor"; + rev = "release-20191114.0"; + sha256 = "0kyixjjlws9iz2r2srgpdd4rrq94vpxkmh2rmmzxd9mcqy2i9bg1"; + }; + + nativeBuildInputs = [ git glibcLocales go makeWrapper python3 ]; + + bazelTarget = "//runsc:runsc"; + + # gvisor uses the Starlark implementation of rules_cc, not the built-in one, + # so we shouldn't delete it from our dependencies. + removeRulesCC = false; + + fetchAttrs = { + inherit preBuild; + + preInstall = '' + # Remove the go_sdk (it's just a copy of the go derivation) and all + # references to it from the marker files. Bazel does not need to download + # this sdk because we have patched the WORKSPACE file to point to the one + # currently present in PATH. Without removing the go_sdk from the marker + # file, the hash of it will change anytime the Go derivation changes and + # that would lead to impurities in the marker files which would result in + # a different sha256 for the fetch phase. + rm -rf $bazelOut/external/{go_sdk,\@go_sdk.marker} + + # Remove the gazelle tools, they contain go binaries that are built + # non-deterministically. 
As long as the gazelle version matches the tools + # should be equivalent. + rm -rf $bazelOut/external/{bazel_gazelle_go_repository_tools,\@bazel_gazelle_go_repository_tools.marker} + + # Remove the gazelle repository cache + chmod -R +w $bazelOut/external/bazel_gazelle_go_repository_cache + rm -rf $bazelOut/external/{bazel_gazelle_go_repository_cache,\@bazel_gazelle_go_repository_cache.marker} + + # Remove log file(s) + rm -f "$bazelOut"/java.log "$bazelOut"/java.log.* + ''; + + sha256 = "1bn7nhv5pag8fdm8l8nvgg3fzvhpy2yv9yl2slrb16lckxzha3v6"; + }; + + buildAttrs = { + inherit preBuild; + + installPhase = '' + install -Dm755 bazel-bin/runsc/*_pure_stripped/runsc $out/bin/runsc + + # Needed for the 'runsc do' subcomand + wrapProgram $out/bin/runsc \ + --prefix PATH : ${stdenv.lib.makeBinPath [ iproute iptables procps ]} + ''; + }; + + meta = with stdenv.lib; { + description = "Container Runtime Sandbox"; + homepage = "https://github.com/google/gvisor"; + license = licenses.asl20; + maintainers = with maintainers; [ andrew-d ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/hercules/default.nix b/nixpkgs/pkgs/applications/virtualization/hercules/default.nix new file mode 100644 index 000000000000..901e2f0b6ec0 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/hercules/default.nix @@ -0,0 +1,18 @@ +{ stdenv, fetchurl }: + +stdenv.mkDerivation rec { + pname = "hercules"; + version = "3.13"; + + src = fetchurl { + url = "http://downloads.hercules-390.eu/${pname}-${version}.tar.gz"; + sha256 = "0zg6rwz8ib4alibf8lygi8qn69xx8n92kbi8b3jhi1ymb32mf349"; + }; + + meta = with stdenv.lib; { + description = "IBM mainframe emulator"; + homepage = "http://www.hercules-390.eu"; + license = licenses.qpl; + maintainers = [ maintainers.dkudriavtsev ]; + }; +} 
diff --git a/nixpkgs/pkgs/applications/virtualization/lkl/default.nix b/nixpkgs/pkgs/applications/virtualization/lkl/default.nix
new file mode 100644
index 000000000000..7a6ccc67bb50
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/lkl/default.nix
@@ -0,0 +1,68 @@ +{ stdenv, fetchFromGitHub, bc, python, bison, flex, fuse, libarchive +, buildPackages }: + +stdenv.mkDerivation rec { + pname = "lkl"; + version = "2019-10-04"; + rev = "06ca3ddb74dc5b84fa54fa1746737f2df502e047"; + + outputs = [ "dev" "lib" "out" ]; + + nativeBuildInputs = [ bc bison flex python ]; + + buildInputs = [ fuse libarchive ]; + + src = fetchFromGitHub { + inherit rev; + owner = "lkl"; + repo = "linux"; + sha256 = "0qjp0r338bwgrqdsvy5mkdh7ryas23m47yvxfwdknfyl0k3ylq62"; + }; + + # Fix a /usr/bin/env reference in here that breaks sandboxed builds + prePatch = "patchShebangs arch/lkl/scripts"; + # Fixup build with newer Linux headers: https://github.com/lkl/linux/pull/484 + postPatch = "sed '1i#include <linux/sockios.h>' -i tools/lkl/lib/hijack/xlate.c"; + + installPhase = '' + mkdir -p $out/bin $lib/lib $dev + + cp tools/lkl/bin/lkl-hijack.sh $out/bin + sed -i $out/bin/lkl-hijack.sh \ + -e "s,LD_LIBRARY_PATH=.*,LD_LIBRARY_PATH=$lib/lib," + + cp tools/lkl/{cptofs,fs2tar,lklfuse} $out/bin + ln -s cptofs $out/bin/cpfromfs + cp -r tools/lkl/include $dev/ + cp tools/lkl/liblkl.a \ + tools/lkl/lib/liblkl.so \ + tools/lkl/lib/hijack/liblkl-hijack.so $lib/lib + ''; + + # We turn off format and fortify because of these errors (fortify implies -O2, which breaks the jitter entropy code): + # fs/xfs/xfs_log_recover.c:2575:3: error: format not a string literal and no format arguments [-Werror=format-security] + # crypto/jitterentropy.c:54:3: error: #error "The CPU Jitter random number generator must not be compiled with optimizations. See documentation. Use the compiler switch -O0 for compiling jitterentropy.c." 
+ hardeningDisable = [ "format" "fortify" ]; + + makeFlags = [ + "-C tools/lkl" + "CC=${stdenv.cc}/bin/${stdenv.cc.targetPrefix}cc" + "HOSTCC=${buildPackages.stdenv.cc}/bin/${buildPackages.stdenv.cc.targetPrefix}cc" + "CROSS_COMPILE=${stdenv.cc.targetPrefix}" + ]; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "The Linux kernel as a library"; + longDescription = '' + LKL (Linux Kernel Library) aims to allow reusing the Linux kernel code as + extensively as possible with minimal effort and reduced maintenance + overhead + ''; + homepage = "https://github.com/lkl/linux/"; + platforms = [ "x86_64-linux" "aarch64-linux" "armv7l-linux" "armv6l-linux" ]; # Darwin probably works too but I haven't tested it + license = licenses.gpl2; + maintainers = with maintainers; [ copumpkin ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix b/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix new file mode 100644 index 000000000000..a0ec55dd895b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/looking-glass-client/default.nix 
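Review bot: In lkl/default.nix, `hardeningDisable = [ "format" "fortify" ]` switches both flags off for the whole derivation, while the two errors quoted in the comment come from kernel sources (`fs/xfs/xfs_log_recover.c`, `crypto/jitterentropy.c`). The same build also installs the user-space tools `lklfuse`, `cptofs`, `fs2tar` and `liblkl-hijack.so`, which lose fortify as well. If the LKL makefiles allow separate flags for `tools/lkl`, keep fortify there; otherwise extend the comment, e.g. `# NOTE: this also disables fortify for the tools/lkl binaries; revisit once jitterentropy.c is built with -O0 by the kernel makefiles`. Whether the flags can be split is not visible from this hunk.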
@@ -0,0 +1,49 @@ +{ stdenv, fetchFromGitHub, fetchpatch +, cmake, pkgconfig, SDL2, SDL, SDL2_ttf, openssl, spice-protocol, fontconfig +, libX11, freefont_ttf, nettle, libconfig, wayland, libpthreadstubs, libXdmcp +, libXfixes, libbfd +}: + +stdenv.mkDerivation rec { + pname = "looking-glass-client"; + version = "B1"; + + src = fetchFromGitHub { + owner = "gnif"; + repo = "LookingGlass"; + rev = version; + sha256 = "0vykv7yjz4fima9d82m83acd8ab72nq4wyzyfs1c499i27wz91ia"; + }; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ + SDL SDL2 SDL2_ttf openssl spice-protocol fontconfig + libX11 freefont_ttf nettle libconfig wayland libpthreadstubs + libXdmcp libXfixes libbfd cmake + ]; + + enableParallelBuilding = true; + + sourceRoot = "source/client"; + + installPhase = '' + mkdir -p $out/bin + mv looking-glass-client $out/bin + ''; + + meta = with stdenv.lib; { + description = "A KVM Frame Relay (KVMFR) implementation"; + longDescription = '' + Looking Glass is an open source application that allows the use of a KVM + (Kernel-based Virtual Machine) configured for VGA PCI Pass-through + without an attached physical monitor, keyboard or mouse. This is the final + step required to move away from dual booting with other operating systems + for legacy programs that require high performance graphics. + ''; + homepage = "https://looking-glass.hostfission.com/"; + license = licenses.gpl2Plus; + maintainers = [ maintainers.alexbakker ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml new file mode 100644 index 000000000000..bbd166995f36 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/config.toml 
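Review bot: In looking-glass-client/default.nix, `cmake` sits at the end of `buildInputs` although it is a build-time tool. It belongs with `pkgconfig`, i.e. `nativeBuildInputs = [ cmake pkgconfig ];`, so that build-platform and host-platform dependencies stay separated. The rest of `buildInputs` can stay as it is.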
@@ -0,0 +1,13 @@
+disable-require = false
+#swarm-resource = "DOCKER_RESOURCE_GPU"
+
+[nvidia-container-cli]
+#root = "/run/nvidia/driver"
+#path = "/usr/bin/nvidia-container-cli"
+environment = []
+#debug = "/var/log/nvidia-container-runtime-hook.log"
+ldcache = "/tmp/ld.so.cache"
+load-kmods = true
+#no-cgroups = false
+#user = "root:video"
+ldconfig = "@@glibcbin@/bin/ldconfig"
diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix
new file mode 100644
index 000000000000..b56b88cf87ef
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/default.nix
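Review bot: In nvidia-docker/config.toml, `ldcache = "/tmp/ld.so.cache"` names a fixed file in a world-writable directory, which any local user could create first. The libnvc patch in this same commit removes the `ldcache_open` call from `find_library_paths`, so the file may never be read. If so, say it in the file with a comment such as `# not read by the patched libnvidia-container; library paths come from /run/opengl-driver`, so that cache parsing is not later re-enabled against /tmp. If something else still reads it, point the setting at a root-owned location instead.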
@@ -0,0 +1,84 @@ +{ stdenv, lib, fetchFromGitHub, fetchpatch, callPackage, makeWrapper +, buildGoPackage, runc, glibc }: + +with lib; let + + glibc-ldconf = glibc.overrideAttrs (oldAttrs: { + # ldconfig needs help reading libraries that have been patchelf-ed, as the + # .dynstr section is no longer in the first LOAD segment. See also + # https://sourceware.org/bugzilla/show_bug.cgi?id=23964 and + # https://github.com/NixOS/patchelf/issues/44 + patches = oldAttrs.patches ++ [ (fetchpatch { + name = "ldconfig-patchelf.patch"; + url = "https://sourceware.org/bugzilla/attachment.cgi?id=11444"; + sha256 = "0nzzmq7pli37iyjrgcmvcy92piiwjybpw245ds7q43pbgdm7lc3s"; + })]; + }); + + libnvidia-container = callPackage ./libnvc.nix { }; + + nvidia-container-runtime = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-container-runtime"; + rev = "runtime-v2.0.0"; + sha256 = "0jcj5xxbg7x7gyhbb67h3ds6vly62gx7j02zm6lg102h34jajj7a"; + }; + + nvidia-container-runtime-hook = buildGoPackage { + pname = "nvidia-container-runtime-hook"; + version = "1.4.0"; + + goPackagePath = "nvidia-container-runtime-hook"; + + src = "${nvidia-container-runtime}/hook/nvidia-container-runtime-hook"; + }; + + nvidia-runc = runc.overrideAttrs (oldAttrs: rec { + name = "nvidia-runc"; + version = "1.0.0-rc6"; + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = "v${version}"; + sha256 = "1jwacb8xnmx5fr86gximhbl9dlbdwj3rpf27hav9q1si86w5pb1j"; + }; + patches = [ "${nvidia-container-runtime}/runtime/runc/3f2f8b84a77f73d38244dd690525642a72156c64/0001-Add-prestart-hook-nvidia-container-runtime-hook-to-t.patch" ]; + }); + +in stdenv.mkDerivation rec { + pname = "nvidia-docker"; + version = "2.0.3"; + + src = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-docker"; + rev = "v${version}"; + sha256 = "1vx5m591mnvcb9vy0196x5lh3r8swjsk0fnlv5h62m7m4m07v6wx"; + }; + + nativeBuildInputs = [ makeWrapper ]; + + buildPhase = '' + mkdir bin + cp nvidia-docker bin + cp 
${libnvidia-container}/bin/nvidia-container-cli bin + cp ${nvidia-container-runtime-hook}/bin/nvidia-container-runtime-hook bin + cp ${nvidia-runc}/bin/runc bin/nvidia-container-runtime + ''; + + installPhase = '' + mkdir -p $out/{bin,etc} + cp -r bin $out + wrapProgram $out/bin/nvidia-container-cli \ + --prefix LD_LIBRARY_PATH : /run/opengl-driver/lib:/run/opengl-driver-32/lib + cp ${./config.toml} $out/etc/config.toml + substituteInPlace $out/etc/config.toml --subst-var-by glibcbin ${lib.getBin glibc-ldconf} + ''; + + meta = { + homepage = "https://github.com/NVIDIA/nvidia-docker"; + description = "NVIDIA container runtime for Docker"; + license = licenses.bsd3; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch new file mode 100644 index 000000000000..9ae8d6b5e756 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc-ldconfig-and-path-fixes.patch 
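Review bot: In nvidia-docker/default.nix, `nvidia-runc` replaces `patches` outright and pins `src` to `v1.0.0-rc6`, so the binary installed as `nvidia-container-runtime` carries none of the patches the base `runc` derivation applies and will not follow later runc releases. For a container runtime that is where isolation fixes land. `glibc-ldconf` in the same hunk already appends with `oldAttrs.patches ++ [ ... ]`. Here, add a comment stating why rc6 is required by `runtime-v2.0.0`, and if the base patches apply to this source use `patches = (oldAttrs.patches or []) ++ [ ... ];`. Whether they apply to rc6 cannot be checked from this hunk.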
@@ -0,0 +1,130 @@ +diff --git a/src/ldcache.c b/src/ldcache.c +index 38bab05..e1abc89 100644 +--- a/src/ldcache.c ++++ b/src/ldcache.c +@@ -108,40 +108,27 @@ ldcache_close(struct ldcache *ctx) + + int + ldcache_resolve(struct ldcache *ctx, uint32_t arch, const char *root, const char * const libs[], +- char *paths[], size_t size, ldcache_select_fn select, void *select_ctx) ++ char *paths[], size_t size, const char* version) + { + char path[PATH_MAX]; +- struct header_libc6 *h; +- int override; ++ char dir[PATH_MAX]; ++ char lib[PATH_MAX]; + +- h = (struct header_libc6 *)ctx->ptr; + memset(paths, 0, size * sizeof(*paths)); + +- for (uint32_t i = 0; i < h->nlibs; ++i) { +- int32_t flags = h->libs[i].flags; +- char *key = (char *)ctx->ptr + h->libs[i].key; +- char *value = (char *)ctx->ptr + h->libs[i].value; +- +- if (!(flags & LD_ELF) || (flags & LD_ARCH_MASK) != arch) ++ for (size_t j = 0; j < size; ++j) { ++ snprintf(dir, 100, "/run/opengl-driver%s/lib", ++ arch == LD_I386_LIB32 ? "-32" : ""); ++ if (!strncmp(libs[j], "libvdpau_nvidia.so", 100)) ++ strcat(dir, "/vdpau"); ++ snprintf(lib, 100, "%s/%s.%s", dir, libs[j], version); ++ if (path_resolve_full(ctx->err, path, "/", lib) < 0) ++ return (-1); ++ if (!file_exists(ctx->err, path)) + continue; +- +- for (size_t j = 0; j < size; ++j) { +- if (!str_has_prefix(key, libs[j])) +- continue; +- if (path_resolve(ctx->err, path, root, value) < 0) +- return (-1); +- if (paths[j] != NULL && str_equal(paths[j], path)) +- continue; +- if ((override = select(ctx->err, select_ctx, root, paths[j], path)) < 0) +- return (-1); +- if (override) { +- free(paths[j]); +- paths[j] = xstrdup(ctx->err, path); +- if (paths[j] == NULL) +- return (-1); +- } +- break; +- } ++ paths[j] = xstrdup(ctx->err, path); ++ if (paths[j] == NULL) ++ return (-1); + } + return (0); + } +diff --git a/src/ldcache.h b/src/ldcache.h +index 33d78dd..2b087db 100644 +--- a/src/ldcache.h ++++ b/src/ldcache.h +@@ -50,6 +50,6 @@ void ldcache_init(struct ldcache 
*, struct error *, const char *); + int ldcache_open(struct ldcache *); + int ldcache_close(struct ldcache *); + int ldcache_resolve(struct ldcache *, uint32_t, const char *, const char * const [], +- char *[], size_t, ldcache_select_fn, void *); ++ char *[], size_t, const char*); + + #endif /* HEADER_LDCACHE_H */ +diff --git a/src/nvc_info.c b/src/nvc_info.c +index 30e3cfd..6d12a50 100644 +--- a/src/nvc_info.c ++++ b/src/nvc_info.c +@@ -167,15 +167,13 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * + if (path_resolve_full(err, path, root, ldcache) < 0) + return (-1); + ldcache_init(&ld, err, path); +- if (ldcache_open(&ld) < 0) +- return (-1); + + info->nlibs = size; + info->libs = array_new(err, size); + if (info->libs == NULL) + goto fail; + if (ldcache_resolve(&ld, LIB_ARCH, root, libs, +- info->libs, info->nlibs, select_libraries, info) < 0) ++ info->libs, info->nlibs, info->nvrm_version) < 0) + goto fail; + + info->nlibs32 = size; +@@ -183,13 +181,11 @@ find_library_paths(struct error *err, struct nvc_driver_info *info, const char * + if (info->libs32 == NULL) + goto fail; + if (ldcache_resolve(&ld, LIB32_ARCH, root, libs, +- info->libs32, info->nlibs32, select_libraries, info) < 0) ++ info->libs32, info->nlibs32, info->nvrm_version) < 0) + goto fail; + rv = 0; + + fail: +- if (ldcache_close(&ld) < 0) +- return (-1); + return (rv); + } + +@@ -203,7 +199,7 @@ find_binary_paths(struct error *err, struct nvc_driver_info *info, const char *r + char path[PATH_MAX]; + int rv = -1; + +- if ((env = secure_getenv("PATH")) == NULL) { ++ if ((env = "/run/nvidia-docker/bin:/run/nvidia-docker/extras/bin") == NULL) { + error_setx(err, "environment variable PATH not found"); + return (-1); + } +diff --git a/src/nvc_ldcache.c b/src/nvc_ldcache.c +index 6ff380f..cbe6a69 100644 +--- a/src/nvc_ldcache.c ++++ b/src/nvc_ldcache.c +@@ -340,7 +340,7 @@ nvc_ldcache_update(struct nvc_context *ctx, const struct nvc_container *cnt) + if 
(validate_args(ctx, cnt != NULL) < 0) + return (-1); + +- argv = (char * []){cnt->cfg.ldconfig, cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; ++ argv = (char * []){cnt->cfg.ldconfig, "-f", "/tmp/ld.so.conf.nvidia-host", "-C", "/tmp/ld.so.cache.nvidia-host", cnt->cfg.libs_dir, cnt->cfg.libs32_dir, NULL}; + if (*argv[0] == '@') { + /* + * We treat this path specially to be relative to the host filesystem. diff --git a/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix new file mode 100644 index 000000000000..5b97d7fffa29 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/nvidia-docker/libnvc.nix 
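Review bot: In libnvc-ldconfig-and-path-fixes.patch, the rewritten `ldcache_resolve` declares `dir` and `lib` as `PATH_MAX` buffers but passes a literal `100` to both `snprintf` calls and ignores their return values. A long library name or version is therefore silently truncated and then skipped by `file_exists` with no error. Use the real sizes and fail on truncation, e.g. `if ((size_t)snprintf(lib, sizeof(lib), "%s/%s.%s", dir, libs[j], version) >= sizeof(lib)) return (-1);`, and likewise for `dir`. In `find_binary_paths`, the test `(env = "/run/nvidia-docker/bin:...") == NULL` can never be true and leaves `env` pointing at a string literal. A plain assignment is clearer, and if code outside this hunk tokenises `env` in place it needs a writable copy.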
@@ -0,0 +1,55 @@ +{ stdenv, lib, fetchFromGitHub, pkgconfig, libelf, libcap, libseccomp }: + +with lib; let + + modp-ver = "396.51"; + + nvidia-modprobe = fetchFromGitHub { + owner = "NVIDIA"; + repo = "nvidia-modprobe"; + rev = modp-ver; + sha256 = "1fw2qwc84k64agw6fx2v0mjf88aggph9c6qhs4cv7l3gmflv8qbk"; + }; + +in stdenv.mkDerivation rec { + pname = "libnvidia-container"; + version = "1.0.6"; + + src = fetchFromGitHub { + owner = "NVIDIA"; + repo = "libnvidia-container"; + rev = "v${version}"; + sha256 = "1pnpc9knwh8d1zqb28zc3spkjc00w0z10vd3jna8ksvpl35jl7w3"; + }; + + # locations of nvidia-driver libraries are not resolved via ldconfig which + # doesn't get used on NixOS. Additional support binaries like nvidia-smi are + # not resolved via the environment PATH but via the derivation output path. + patches = [ ./libnvc-ldconfig-and-path-fixes.patch ]; + + makeFlags = [ + "WITH_LIBELF=yes" + "prefix=$(out)" + ]; + + postPatch = '' + sed -i 's/^REVISION :=.*/REVISION = ${src.rev}/' mk/common.mk + sed -i 's/^COMPILER :=.*/COMPILER = $(CC)/' mk/common.mk + + mkdir -p deps/src/nvidia-modprobe-${modp-ver} + cp -r ${nvidia-modprobe}/* deps/src/nvidia-modprobe-${modp-ver} + chmod -R u+w deps/src + touch deps/src/nvidia-modprobe-${modp-ver}/.download_stamp + ''; + + nativeBuildInputs = [ pkgconfig ]; + + buildInputs = [ libelf libcap libseccomp ]; + + meta = { + homepage = "https://github.com/NVIDIA/libnvidia-container"; + description = "NVIDIA container runtime library"; + license = licenses.bsd3; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix new file mode 100644 index 000000000000..84f74ef6dd03 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/default.nix 
@@ -0,0 +1,76 @@ +{ stdenv, lib, fetchFromGitHub, makeWrapper, autoreconfHook, + fuse, libmspack, openssl, pam, xercesc, icu, libdnet, procps, + libX11, libXext, libXinerama, libXi, libXrender, libXrandr, libXtst, + pkgconfig, glib, gtk3, gtkmm3, iproute, dbus, systemd, which, + withX ? true }: + +stdenv.mkDerivation rec { + pname = "open-vm-tools"; + version = "11.0.5"; + + src = fetchFromGitHub { + owner = "vmware"; + repo = "open-vm-tools"; + rev = "stable-${version}"; + sha256 = "0idh8dqwb1df2di689090k9x1iap35jk3wg8yb1g70byichmscqb"; + }; + + sourceRoot = "${src.name}/open-vm-tools"; + + outputs = [ "out" "dev" ]; + + nativeBuildInputs = [ autoreconfHook makeWrapper pkgconfig ]; + buildInputs = [ fuse glib icu libdnet libmspack openssl pam procps xercesc ] + ++ lib.optionals withX [ gtk3 gtkmm3 libX11 libXext libXinerama libXi libXrender libXrandr libXtst ]; + + patches = [ ./recognize_nixos.patch ]; + postPatch = '' + # Build bugfix for 10.1.0, stolen from Arch PKGBUILD + mkdir -p common-agent/etc/config + sed -i 's|.*common-agent/etc/config/Makefile.*|\\|' configure.ac + + sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' Makefile.am + sed -i 's,^confdir = ,confdir = ''${prefix},' scripts/Makefile.am + sed -i 's,etc/vmware-tools,''${prefix}/etc/vmware-tools,' services/vmtoolsd/Makefile.am + sed -i 's,$(PAM_PREFIX),''${prefix}/$(PAM_PREFIX),' services/vmtoolsd/Makefile.am + sed -i 's,$(UDEVRULESDIR),''${prefix}/$(UDEVRULESDIR),' udev/Makefile.am + + # Avoid a glibc >= 2.25 deprecation warning that gets fatal via -Werror. 
+ sed 1i'#include <sys/sysmacros.h>' -i lib/wiper/wiperPosix.c + + # Make reboot work, shutdown is not in /sbin on NixOS + sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c + ''; + + configureFlags = [ "--without-kernel-modules" "--without-xmlsecurity" ] + ++ lib.optional (!withX) "--without-x"; + + enableParallelBuilding = true; + + NIX_CFLAGS_COMPILE = builtins.toString [ + # igrone glib-2.62 deprecations + # Drop in next stable release. + "-DGLIB_DISABLE_DEPRECATION_WARNINGS" + + # fix build with gcc9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + ]; + + postInstall = '' + wrapProgram "$out/etc/vmware-tools/scripts/vmware/network" \ + --prefix PATH ':' "${lib.makeBinPath [ iproute dbus systemd which ]}" + ''; + + meta = with stdenv.lib; { + homepage = "https://github.com/vmware/open-vm-tools"; + description = "Set of tools for VMWare guests to improve host-guest interaction"; + longDescription = '' + A set of services and modules that enable several features in VMware products for + better management of, and seamless user interactions with, guests. + ''; + license = licenses.gpl2; + platforms = [ "x86_64-linux" "i686-linux" ]; + maintainers = with maintainers; [ joamaki ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch new file mode 100644 index 000000000000..95b0951b5853 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/open-vm-tools/recognize_nixos.patch 
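Review bot: In open-vm-tools/default.nix, the `postPatch` line `sed -i 's,/sbin/shutdown,shutdown,' lib/system/systemLinux.c` swaps an absolute path for a bare command name, so the guest service will run whichever `shutdown` comes first on its `PATH`. `systemd` is already a function argument, so the call can stay pinned to a store path: `sed -i 's,/sbin/shutdown,${systemd}/bin/shutdown,' lib/system/systemLinux.c`. How systemLinux.c invokes the string is not visible here, so confirm it is used as an executable path before switching.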
@@ -0,0 +1,33 @@ +diff --git a/lib/include/guest_os.h b/lib/include/guest_os.h +index 868dec68..0b9a2ad7 100644 +--- a/lib/include/guest_os.h ++++ b/lib/include/guest_os.h +@@ -278,6 +278,7 @@ Bool Gos_InSetArray(uint32 gos, const uint32 *set); + #define STR_OS_MANDRAKE_FULL "Mandrake Linux" + #define STR_OS_MANDRIVA "mandriva" + #define STR_OS_MKLINUX "MkLinux" ++#define STR_OS_NIXOS "NixOS" + #define STR_OS_NOVELL "nld9" + #define STR_OS_NOVELL_FULL "Novell Linux Desktop 9" + #define STR_OS_ORACLE6 "oraclelinux6" +diff --git a/lib/misc/hostinfoPosix.c b/lib/misc/hostinfoPosix.c +index 348a67ec..5f8beb2b 100644 +--- a/lib/misc/hostinfoPosix.c ++++ b/lib/misc/hostinfoPosix.c +@@ -203,6 +203,7 @@ static const DistroInfo distroArray[] = { + { "Mandrake", "/etc/mandrake-release" }, + { "Mandriva", "/etc/mandriva-release" }, + { "MkLinux", "/etc/mklinux-release" }, ++ { "NixOS", "/etc/os-release" }, + { "Novell", "/etc/nld-release" }, + { "OracleLinux", "/etc/oracle-release" }, + { "Photon", "/etc/lsb-release" }, +@@ -865,6 +866,8 @@ HostinfoGetOSShortName(const char *distro, // IN: full distro name + } + } else if (strstr(distroLower, "mandrake")) { + Str_Strcpy(distroShort, STR_OS_MANDRAKE, distroShortSize); ++ } else if (strstr(distroLower, "nixos")) { ++ Str_Strcpy(distroShort, STR_OS_NIXOS, distroShortSize); + } else if (strstr(distroLower, "turbolinux")) { + Str_Strcpy(distroShort, STR_OS_TURBO, distroShortSize); + } else if (strstr(distroLower, "sun")) { diff --git a/nixpkgs/pkgs/applications/virtualization/podman-compose/default.nix b/nixpkgs/pkgs/applications/virtualization/podman-compose/default.nix new file mode 100644 index 000000000000..31755f87f63c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/podman-compose/default.nix 
@@ -0,0 +1,21 @@ +{ lib, buildPythonApplication, fetchPypi, podman, pyyaml }: + +buildPythonApplication rec { + version = "0.1.5"; + pname = "podman-compose"; + + src = fetchPypi { + inherit pname version; + sha256 = "1sgbc889zq127qhxa9frhswa1mid19fs5qnyzfihx648y5i968pv"; + }; + + propagatedBuildInputs = [ pyyaml podman ]; + + meta = with lib; { + description = "An implementation of docker-compose with podman backend"; + homepage = "https://github.com/containers/podman-compose"; + license = licenses.gpl2; + platforms = platforms.linux; + maintainers = with maintainers; [ sikmir ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/podman/default.nix b/nixpkgs/pkgs/applications/virtualization/podman/default.nix new file mode 100644 index 000000000000..4a9fa0787521 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/podman/default.nix 
@@ -0,0 +1,59 @@ +{ stdenv +, fetchFromGitHub +, pkg-config +, installShellFiles +, buildGoPackage +, gpgme +, lvm2 +, btrfs-progs +, libseccomp +, systemd +, go-md2man +, nixosTests +}: + +buildGoPackage rec { + pname = "podman"; + version = "1.9.1"; + + src = fetchFromGitHub { + owner = "containers"; + repo = "libpod"; + rev = "v${version}"; + sha256 = "0dr5vd52fnjwx3zn2nj2nlvkbvh5bg579nf3qw8swrn8i1jwxd6j"; + }; + + goPackagePath = "github.com/containers/libpod"; + + outputs = [ "out" "man" ]; + + nativeBuildInputs = [ pkg-config go-md2man installShellFiles ]; + + buildInputs = stdenv.lib.optionals stdenv.isLinux [ btrfs-progs libseccomp gpgme lvm2 systemd ]; + + buildPhase = '' + pushd go/src/${goPackagePath} + patchShebangs . + ${if stdenv.isDarwin + then "make CGO_ENABLED=0 BUILDTAGS='remoteclient containers_image_openpgp exclude_graphdriver_devicemapper' varlink_generate all" + else "make binaries docs"} + ''; + + installPhase = '' + install -Dm555 bin/podman $out/bin/podman + installShellCompletion --bash completions/bash/podman + installShellCompletion --zsh completions/zsh/_podman + MANDIR=$man/share/man make install.man + ''; + + passthru.tests.podman = nixosTests.podman; + + meta = with stdenv.lib; { + homepage = "https://podman.io/"; + description = "A program for managing pods, containers and container images"; + license = licenses.asl20; + maintainers = with maintainers; [ marsam ] ++ teams.podman.members; + platforms = platforms.unix; + broken = stdenv.isDarwin; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix new file mode 100644 index 000000000000..99233696b3ed --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/podman/wrapper.nix 
@@ -0,0 +1,52 @@ +{ podman-unwrapped +, runCommand +, makeWrapper +, lib +, extraPackages ? [] +, podman # Docker compat +, runc # Default container runtime +, crun # Default container runtime (cgroups v2) +, conmon # Container runtime monitor +, slirp4netns # User-mode networking for unprivileged namespaces +, fuse-overlayfs # CoW for images, much faster than default vfs +, utillinux # nsenter +, cni-plugins +, iptables +}: + +let + podman = podman-unwrapped; + + binPath = lib.makeBinPath ([ + runc + crun + conmon + slirp4netns + fuse-overlayfs + utillinux + iptables + ] ++ extraPackages); + +in runCommand podman.name { + name = "${podman.pname}-wrapper-${podman.version}"; + inherit (podman) pname version; + + meta = builtins.removeAttrs podman.meta [ "outputsToInstall" ]; + + outputs = [ + "out" + "man" + ]; + + nativeBuildInputs = [ + makeWrapper + ]; + +} '' + ln -s ${podman.man} $man + + mkdir -p $out/bin + ln -s ${podman-unwrapped}/share $out/share + makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \ + --prefix PATH : ${binPath} +'' diff --git a/nixpkgs/pkgs/applications/virtualization/qboot/default.nix b/nixpkgs/pkgs/applications/virtualization/qboot/default.nix new file mode 100644 index 000000000000..d770308239f8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qboot/default.nix 
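Review bot: In podman/wrapper.nix, the `podman` function argument (commented `# Docker compat`) is never used, because the `let` binding `podman = podman-unwrapped;` shadows it. The body then mixes `${podman.man}` with `${podman-unwrapped}/share` and `${podman-unwrapped}/bin/podman`. Dropping the argument and the alias and writing `podman-unwrapped` throughout would make it clear which derivation is being wrapped.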
@@ -0,0 +1,27 @@ +{ stdenv, fetchFromGitHub }: + +stdenv.mkDerivation { + name = "qboot-20170330"; + + src = fetchFromGitHub { + owner = "bonzini"; + repo = "qboot"; + rev = "ac9488f26528394856b94bda0797f5bd9c69a26a"; + sha256 = "0l83nbjndin1cbcimkqkiqr5df8d76cnhyk26rd3aygb2bf7cspy"; + }; + + installPhase = '' + mkdir -p $out + cp bios.bin* $out/. + ''; + + hardeningDisable = [ "stackprotector" "pic" ]; + + meta = { + description = "A simple x86 firmware for booting Linux"; + homepage = "https://github.com/bonzini/qboot"; + license = stdenv.lib.licenses.gpl2; + maintainers = with stdenv.lib.maintainers; [ tstrobel ]; + platforms = ["x86_64-linux" "i686-linux"]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch b/nixpkgs/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch new file mode 100644 index 000000000000..03e47a57863c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/9p-ignore-noatime.patch 
@@ -0,0 +1,44 @@ +commit cdc3e7eeafa9f683214d2c15d52ef384c3de6611 +Author: aszlig <aszlig@nix.build> +Date: Mon Mar 18 13:21:01 2019 +0100 + + 9pfs: Ignore O_NOATIME open flag + + Since Linux 4.19, overlayfs uses the O_NOATIME flag on its lowerdir, + which in turn causes errors when the Nix store is mounted in the guest + because the file owner of the store paths typically don't match the + owner of the QEMU process. + + After submitting a patch to the overlayfs mailing list[1], it turns out + that my patch was incomplete[2] and needs a bit more rework. + + So instead of using an incomplete kernel patch in nixpkgs, which affects + *all* users of overlayfs, not just NixOS VM tests, I decided that for + now it's better to patch QEMU instead. + + The change here really only ignores the O_NOATIME flag so that the + behaviour is similar to what NFS does. From open(2): + + This flag may not be effective on all filesystems. One example is NFS, + where the server maintains the access time. + + This change is therefore only temporary until the final fix lands in the + stable kernel releases. + + [1]: https://www.spinics.net/lists/linux-unionfs/msg06755.html + [2]: https://www.spinics.net/lists/linux-unionfs/msg06756.html + + Signed-off-by: aszlig <aszlig@nix.build> + +diff --git a/hw/9pfs/9p.c b/hw/9pfs/9p.c +index 55821343e5..0b8425fe18 100644 +--- a/hw/9pfs/9p.c ++++ b/hw/9pfs/9p.c +@@ -127,7 +127,6 @@ static int dotl_to_open_flags(int flags) + { P9_DOTL_LARGEFILE, O_LARGEFILE }, + { P9_DOTL_DIRECTORY, O_DIRECTORY }, + { P9_DOTL_NOFOLLOW, O_NOFOLLOW }, +- { P9_DOTL_NOATIME, O_NOATIME }, + { P9_DOTL_SYNC, O_SYNC }, + }; + diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/default.nix b/nixpkgs/pkgs/applications/virtualization/qemu/default.nix new file mode 100644 index 000000000000..d6611e20a9c1 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/default.nix 
@@ -0,0 +1,196 @@ +{ stdenv, fetchurl, fetchpatch, python, zlib, pkgconfig, glib +, ncurses, perl, pixman, vde2, alsaLib, texinfo, flex +, bison, lzo, snappy, libaio, gnutls, nettle, curl +, makeWrapper +, attr, libcap, libcap_ng +, CoreServices, Cocoa, Hypervisor, rez, setfile +, numaSupport ? stdenv.isLinux && !stdenv.isAarch32, numactl +, seccompSupport ? stdenv.isLinux, libseccomp +, pulseSupport ? !stdenv.isDarwin, libpulseaudio +, sdlSupport ? !stdenv.isDarwin, SDL2 +, gtkSupport ? !stdenv.isDarwin && !xenSupport, gtk3, gettext, vte +, vncSupport ? true, libjpeg, libpng +, smartcardSupport ? true, libcacard +, spiceSupport ? !stdenv.isDarwin, spice, spice-protocol +, usbredirSupport ? spiceSupport, usbredir +, xenSupport ? false, xen +, cephSupport ? false, ceph +, openGLSupport ? sdlSupport, mesa, epoxy, libdrm +, virglSupport ? openGLSupport, virglrenderer +, smbdSupport ? false, samba +, hostCpuOnly ? false +, hostCpuTargets ? (if hostCpuOnly + then (stdenv.lib.optional stdenv.isx86_64 "i386-softmmu" + ++ ["${stdenv.hostPlatform.qemuArch}-softmmu"]) + else null) +, nixosTestRunner ? 
false +}: + +with stdenv.lib; +let + audio = optionalString (hasSuffix "linux" stdenv.hostPlatform.system) "alsa," + + optionalString pulseSupport "pa," + + optionalString sdlSupport "sdl,"; + +in + +stdenv.mkDerivation rec { + version = "4.2.0"; + pname = "qemu" + + stdenv.lib.optionalString xenSupport "-xen" + + stdenv.lib.optionalString hostCpuOnly "-host-cpu-only" + + stdenv.lib.optionalString nixosTestRunner "-for-vm-tests"; + + src = fetchurl { + url = "https://wiki.qemu.org/download/qemu-${version}.tar.bz2"; + sha256 = "1gczv8hn3wqci86css3mhzrppp3z8vppxw25l08j589k6bvz7x1w"; + }; + + nativeBuildInputs = [ python python.pkgs.sphinx pkgconfig flex bison ]; + buildInputs = + [ zlib glib ncurses perl pixman + vde2 texinfo makeWrapper lzo snappy + gnutls nettle curl + ] + ++ optionals stdenv.isDarwin [ CoreServices Cocoa Hypervisor rez setfile ] + ++ optionals seccompSupport [ libseccomp ] + ++ optionals numaSupport [ numactl ] + ++ optionals pulseSupport [ libpulseaudio ] + ++ optionals sdlSupport [ SDL2 ] + ++ optionals gtkSupport [ gtk3 gettext vte ] + ++ optionals vncSupport [ libjpeg libpng ] + ++ optionals smartcardSupport [ libcacard ] + ++ optionals spiceSupport [ spice-protocol spice ] + ++ optionals usbredirSupport [ usbredir ] + ++ optionals stdenv.isLinux [ alsaLib libaio libcap_ng libcap attr ] + ++ optionals xenSupport [ xen ] + ++ optionals cephSupport [ ceph ] + ++ optionals openGLSupport [ mesa epoxy libdrm ] + ++ optionals virglSupport [ virglrenderer ] + ++ optionals smbdSupport [ samba ]; + + enableParallelBuilding = true; + + outputs = [ "out" "ga" ]; + + patches = [ + ./no-etc-install.patch + ./fix-qemu-ga.patch + ./9p-ignore-noatime.patch + (fetchpatch { + name = "CVE-2019-15890.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=c59279437eda91841b9d26079c70b8a540d41204"; + sha256 = "1q2rc67mfdz034mk81z9bw105x9zad7n954sy3kq068b1svrf7iy"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + # patches listed at: 
https://nvd.nist.gov/vuln/detail/CVE-2020-7039 + (fetchpatch { + name = "CVE-2020-7039-1.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=2655fffed7a9e765bcb4701dd876e9dab975f289"; + sha256 = "1jh0k3lg3553c2x1kq1kl3967jabhba5gm584wjpmr5mjqk3lnz1"; + stripLen = 1; + extraPrefix = "slirp/"; + excludes = ["slirp/CHANGELOG.md"]; + }) + (fetchpatch { + name = "CVE-2020-7039-2.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=82ebe9c370a0e2970fb5695aa19aa5214a6a1c80"; + sha256 = "08ccxcmrhzknnzd1a1q2brszv3a7h02n26r73kpli10b0hn12r2l"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + (fetchpatch { + name = "CVE-2020-7039-3.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=ce131029d6d4a405cb7d3ac6716d03e58fb4a5d9"; + sha256 = "18ypj9an2jmsmdn58853rbz42r10587h7cz5fdws2x4635778ibd"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + # patches listed at: https://nvd.nist.gov/vuln/detail/CVE-2020-7211 + (fetchpatch { + name = "CVE-2020-7211.patch"; + url = "https://git.qemu.org/?p=libslirp.git;a=patch;h=14ec36e107a8c9af7d0a80c3571fe39b291ff1d4"; + sha256 = "1lc8zabqs580iqrsr5k7zwgkx6qjmja7apwfbc36lkvnrxwfzmrc"; + stripLen = 1; + extraPrefix = "slirp/"; + }) + ] ++ optional nixosTestRunner ./force-uid0-on-9p.patch + ++ optionals stdenv.hostPlatform.isMusl [ + (fetchpatch { + url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/xattr_size_max.patch"; + sha256 = "1xfdjs1jlvs99hpf670yianb8c3qz2ars8syzyz8f2c2cp5y4bxb"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/musl-F_SHLCK-and-F_EXLCK.patch"; + sha256 = "1gm67v41gw6apzgz7jr3zv9z80wvkv0jaxd2w4d16hmipa8bhs0k"; + }) + ./sigrtminmax.patch + (fetchpatch { + url = "https://raw.githubusercontent.com/alpinelinux/aports/2bb133986e8fa90e2e76d53369f03861a87a74ef/main/qemu/fix-sigevent-and-sigval_t.patch"; + sha256 = 
"0wk0rrcqywhrw9hygy6ap0lfg314m9z1wr2hn8338r5gfcw75mav"; + }) + ]; + + hardeningDisable = [ "stackprotector" ]; + + preConfigure = '' + unset CPP # intereferes with dependency calculation + '' + optionalString stdenv.hostPlatform.isMusl '' + NIX_CFLAGS_COMPILE+=" -D_LINUX_SYSINFO_H" + ''; + + configureFlags = + [ "--audio-drv-list=${audio}" + "--sysconfdir=/etc" + "--localstatedir=/var" + "--enable-docs" + ] + # disable sysctl check on darwin. + ++ optional stdenv.isDarwin "--cpu=x86_64" + ++ optional numaSupport "--enable-numa" + ++ optional seccompSupport "--enable-seccomp" + ++ optional smartcardSupport "--enable-smartcard" + ++ optional spiceSupport "--enable-spice" + ++ optional usbredirSupport "--enable-usb-redir" + ++ optional (hostCpuTargets != null) "--target-list=${stdenv.lib.concatStringsSep "," hostCpuTargets}" + ++ optional stdenv.isDarwin "--enable-cocoa" + ++ optional stdenv.isDarwin "--enable-hvf" + ++ optional stdenv.isLinux "--enable-linux-aio" + ++ optional gtkSupport "--enable-gtk" + ++ optional xenSupport "--enable-xen" + ++ optional cephSupport "--enable-rbd" + ++ optional openGLSupport "--enable-opengl" + ++ optional virglSupport "--enable-virglrenderer" + ++ optional smbdSupport "--smbd=${samba}/bin/smbd"; + + doCheck = false; # tries to access /dev + + postFixup = + '' + # copy qemu-ga (guest agent) to separate output + mkdir -p $ga/bin + cp $out/bin/qemu-ga $ga/bin/ + ''; + + # Add a ‘qemu-kvm’ wrapper for compatibility/convenience. 
+ postInstall = '' + if [ -x $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} ]; then + makeWrapper $out/bin/qemu-system-${stdenv.hostPlatform.qemuArch} \ + $out/bin/qemu-kvm \ + --add-flags "\$([ -e /dev/kvm ] && echo -enable-kvm)" + fi + ''; + + passthru = { + qemu-system-i386 = "bin/qemu-system-i386"; + }; + + meta = with stdenv.lib; { + homepage = "http://www.qemu.org/"; + description = "A generic and open source machine emulator and virtualizer"; + license = licenses.gpl2Plus; + maintainers = with maintainers; [ eelco ]; + platforms = platforms.linux ++ platforms.darwin; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch b/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch new file mode 100644 index 000000000000..c2f051e2b944 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/fix-qemu-ga.patch @@ -0,0 +1,22 @@ +diff --git a/qga/commands-posix.c b/qga/commands-posix.c +index 0dc219d..9d020d3 100644 +--- a/qga/commands-posix.c ++++ b/qga/commands-posix.c +@@ -102,6 +102,8 @@ void qmp_guest_shutdown(bool has_mode, const char *mode, Error **errp) + reopen_fd_to_null(1); + reopen_fd_to_null(2); + ++ execle("/run/current-system/sw/bin/shutdown", "shutdown", "-h", shutdown_flag, "+0", ++ "hypervisor initiated shutdown", (char*)NULL, environ); + execle("/sbin/shutdown", "shutdown", "-h", shutdown_flag, "+0", + "hypervisor initiated shutdown", (char*)NULL, environ); + _exit(EXIT_FAILURE); +@@ -189,6 +191,8 @@ void qmp_guest_set_time(bool has_time, int64_t time_ns, Error **errp) + + /* Use '/sbin/hwclock -w' to set RTC from the system time, + * or '/sbin/hwclock -s' to set the system time from RTC. */ ++ execle("/run/current-system/sw/bin/hwclock", "hwclock", has_time ? "-w" : "-s", ++ NULL, environ); + execle("/sbin/hwclock", "hwclock", has_time ? "-w" : "-s", + NULL, environ); + _exit(EXIT_FAILURE); 
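Review bot: In qemu/default.nix, `hardeningDisable = [ "stackprotector" ];` applies to every QEMU binary and has no comment saying what fails with the flag enabled. The device-emulation code is the part a guest can reach, and the same hunk pulls in five slirp CVE patches, so stack protection is worth keeping where possible. Record the reason next to the attribute, e.g. `# stackprotector breaks <component>; see <issue link>`, or drop the flag if the build passes without it.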
diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch b/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
new file mode 100644
index 000000000000..33c4ffff6fe5
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/qemu/force-uid0-on-9p.patch
@@ -0,0 +1,81 @@ +diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c +index 45e9a1f9b0..494ee00c66 100644 +--- a/hw/9pfs/9p-local.c ++++ b/hw/9pfs/9p-local.c +@@ -84,6 +84,23 @@ static void unlinkat_preserve_errno(int dirfd, const char *path, int flags) + + #define VIRTFS_META_DIR ".virtfs_metadata" + ++static int is_in_store_path(const char *path) ++{ ++ static char *store_path = NULL; ++ int store_path_len = -1; ++ ++ if (store_path_len == -1) { ++ if ((store_path = getenv("NIX_STORE")) != NULL) ++ store_path_len = strlen(store_path); ++ else ++ store_path_len = 0; ++ } ++ ++ if (store_path_len > 0) ++ return strncmp(path, store_path, strlen(store_path)) == 0; ++ return 0; ++} ++ + static FILE *local_fopenat(int dirfd, const char *name, const char *mode) + { + int fd, o_mode = 0; +@@ -161,6 +178,8 @@ static int local_lstat(FsContext *fs_ctx, V9fsPath *fs_path, struct stat *stbuf) + if (err) { + goto err_out; + } ++ stbuf->st_uid = 0; ++ stbuf->st_gid = 0; + if (fs_ctx->export_flags & V9FS_SM_MAPPED) { + /* Actual credentials are part of extended attrs */ + uid_t tmp_uid; +@@ -280,6 +299,9 @@ static int fchmodat_nofollow(int dirfd, const char *name, mode_t mode) + { + int fd, ret; + ++ if (is_in_store_path(name)) ++ return 0; ++ + /* FIXME: this should be handled with fchmodat(AT_SYMLINK_NOFOLLOW). + * Unfortunately, the linux kernel doesn't implement it yet. As an + * alternative, let's open the file and use fchmod() instead. 
This +@@ -661,6 +683,8 @@ static int local_fstat(FsContext *fs_ctx, int fid_type, + if (err) { + return err; + } ++ stbuf->st_uid = 0; ++ stbuf->st_gid = 0; + if (fs_ctx->export_flags & V9FS_SM_MAPPED) { + /* Actual credentials are part of extended attrs */ + uid_t tmp_uid; +@@ -795,8 +819,11 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath, + if (err) { + goto out; + } +- err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, +- AT_SYMLINK_NOFOLLOW); ++ if (is_in_store_path(name)) ++ err = 0; ++ else ++ err = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, ++ AT_SYMLINK_NOFOLLOW); + if (err == -1) { + /* + * If we fail to change ownership and if we are +@@ -911,7 +938,9 @@ static int local_chown(FsContext *fs_ctx, V9fsPath *fs_path, FsCred *credp) + goto out; + } + +- if ((credp->fc_uid == -1 && credp->fc_gid == -1) || ++ if (is_in_store_path(name)) { ++ ret = 0; ++ } else if ((credp->fc_uid == -1 && credp->fc_gid == -1) || + (fs_ctx->export_flags & V9FS_SM_PASSTHROUGH) || + (fs_ctx->export_flags & V9FS_SM_NONE)) { + ret = fchownat(dirfd, name, credp->fc_uid, credp->fc_gid, diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch b/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch new file mode 100644 index 000000000000..5bab930d06a5 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/qemu/no-etc-install.patch @@ -0,0 +1,12 @@ +diff --git a/Makefile b/Makefile +--- a/Makefile ++++ b/Makefile +@@ -867,7 +867,7 @@ install-includedir: + $(INSTALL_DIR) "$(DESTDIR)$(includedir)" + + install: all $(if $(BUILD_DOCS),install-doc) \ +- install-datadir install-localstatedir install-includedir \ ++ install-datadir install-includedir \ + $(if $(INSTALL_BLOBS),$(edk2-decompressed)) \ + recurse-install + ifneq ($(TOOLS),) 
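Review bot: `is_in_store_path()` in force-uid0-on-9p.patch matches with a bare `strncmp` prefix, so any path that merely begins with the `NIX_STORE` string (a sibling such as `<store>-other`) counts as inside the store, and `fchmodat_nofollow`, `local_symlink` and `local_chown` then report success without changing anything. The callers pass `name`, which in these functions appears to be relative to `dirfd` rather than an absolute path, so the check may never match at all; those bodies start outside the hunks, so this needs confirming. `store_path_len` is not `static`, so the intended one-time `getenv` lookup runs on every call. Separately, `local_lstat` and `local_fstat` now set `st_uid`/`st_gid` to 0 for every export, not only store paths, which deserves a comment saying that guests see root ownership unless the `V9FS_SM_MAPPED` branch below overwrites it. A version of the helper with working caching and a path-component boundary check follows.

```c
static int is_in_store_path(const char *path)
{
    /* All three must be static, otherwise the lookup is repeated per call. */
    static const char *store_path;
    static size_t store_path_len;
    static int initialised;

    if (!initialised) {
        store_path = getenv("NIX_STORE");
        store_path_len = store_path ? strlen(store_path) : 0;
        initialised = 1;
    }

    if (store_path_len == 0 ||
        strncmp(path, store_path, store_path_len) != 0) {
        return 0;
    }

    /* Only accept a match that ends on a path-component boundary. */
    return store_path[store_path_len - 1] == '/' ||
           path[store_path_len] == '/' ||
           path[store_path_len] == '\0';
}
/* … unchanged: local_fopenat and the remaining hunks … */
```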
diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch b/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch
new file mode 100644
index 000000000000..41050447ac64
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/qemu/sigrtminmax.patch
@@ -0,0 +1,30 @@
+From 2697fcc42546e814a2d2617671cb8398b15256fb Mon Sep 17 00:00:00 2001
+From: Will Dietz <w@wdtz.org>
+Date: Fri, 17 Aug 2018 00:22:35 -0500
+Subject: [PATCH] quick port __SIGRTMIN/__SIGRTMAX patch for qemu 3.0
+
+---
+ linux-user/signal.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/linux-user/signal.c b/linux-user/signal.c
+index 602b631b92..87f9240134 100644
+--- a/linux-user/signal.c
++++ b/linux-user/signal.c
+@@ -26,6 +26,13 @@
+ #include "trace.h"
+ #include "signal-common.h"
+
++#ifndef __SIGRTMIN
++#define __SIGRTMIN 32
++#endif
++#ifndef __SIGRTMAX
++#define __SIGRTMAX (NSIG-1)
++#endif
++
+ struct target_sigaltstack target_sigaltstack_used = {
+ .ss_sp = 0,
+ .ss_size = 0,
+--
+2.18.0
+
diff --git a/nixpkgs/pkgs/applications/virtualization/qemu/utils.nix b/nixpkgs/pkgs/applications/virtualization/qemu/utils.nix
new file mode 100644
index 000000000000..430d71221797
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/qemu/utils.nix
@@ -0,0 +1,16 @@
+{ stdenv, qemu }:
+
+stdenv.mkDerivation rec {
+ name = "qemu-utils-${version}";
+ version = qemu.version;
+
+ buildInputs = [ qemu ];
+ unpackPhase = "true";
+
+ installPhase = ''
+ mkdir -p "$out/bin"
+ cp "${qemu}/bin/qemu-img" "$out/bin/qemu-img"
+ cp "${qemu}/bin/qemu-io" "$out/bin/qemu-io"
+ cp "${qemu}/bin/qemu-nbd" "$out/bin/qemu-nbd"
+ '';
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/qtemu/default.nix b/nixpkgs/pkgs/applications/virtualization/qtemu/default.nix
new file mode 100644
index 000000000000..29f0004be830
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/qtemu/default.nix
@@ -0,0 +1,45 @@
+{ stdenv, mkDerivation, fetchFromGitLab, pkgconfig, qmake, qtbase, qemu, makeWrapper }:
+
+mkDerivation rec {
+ pname = "qtemu";
+ version = "2.1";
+
+ src = fetchFromGitLab {
+ owner = "qtemu";
+ repo = "gui";
+ rev = version;
+ sha256 = "1555178mkfw0gwmw8bsxmg4339j2ifp0yb4b2f39nxh9hwshg07j";
+ };
+
+ nativeBuildInputs = [
+ qmake
+ pkgconfig
+ ];
+
+ buildInputs = [
+ qtbase
+ qemu
+ ];
+
+ installPhase = ''
+ runHook preInstall
+
+ # upstream lacks an install method
+ install -D -t $out/share/applications qtemu.desktop
+ install -D -t $out/share/pixmaps qtemu.png
+ install -D -t $out/bin qtemu
+
+ # make sure that the qemu-* executables are found
+ wrapProgram $out/bin/qtemu --prefix PATH : ${stdenv.lib.makeBinPath [ qemu ]}
+
+ runHook postInstall
+ '';
+
+ meta = with stdenv.lib; {
+ description = "Qt-based front-end for QEMU emulator";
+ homepage = "https://qtemu.org";
+ license = licenses.gpl2;
+ platforms = with platforms; linux;
+ maintainers = with maintainers; [ romildo ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch b/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch
new file mode 100644
index 000000000000..bb9d5420f32a
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/railcar/cargo-lock.patch
@@ -0,0 +1,435 @@ +From 97e1e2ca82c20317a6de1f345d2fb0adcde0b7fd Mon Sep 17 00:00:00 2001 +From: Katharina Fey <kookie@spacekookie.de> +Date: Mon, 10 Dec 2018 17:42:58 +0100 +Subject: [PATCH] Adding `Cargo.lock` for release `v1.0.4` + +--- + Cargo.lock | 416 +++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 416 insertions(+) + create mode 100644 Cargo.lock + +diff --git a/Cargo.lock b/Cargo.lock +new file mode 100644 +index 0000000..bf6aa0e +--- /dev/null ++++ b/Cargo.lock +@@ -0,0 +1,416 @@ ++[[package]] ++name = "ansi_term" ++version = "0.11.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "atty" ++version = "0.2.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "backtrace" ++version = "0.3.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "backtrace-sys" ++version = "0.1.24" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "bitflags" ++version = 
"0.7.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "bitflags" ++version = "1.0.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "caps" ++version = "0.0.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)", ++ "error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "cc" ++version = "1.0.25" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "cfg-if" ++version = "0.1.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "clap" ++version = "2.32.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", ++ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", ++ "vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "custom_derive" ++version = "0.1.7" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "dtoa" ++version = "0.4.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "enum_derive" ++version = "0.1.7" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "error-chain" 
++version = "0.8.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "error-chain" ++version = "0.10.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "itoa" ++version = "0.3.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "lazy_static" ++version = "0.2.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "libc" ++version = "0.2.45" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "log" ++version = "0.3.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "log" ++version = "0.4.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "nix" ++version = "0.8.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "nix" ++version = "0.12.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)", ++ "cfg-if 0.1.6 
(registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "num-traits" ++version = "0.1.43" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "num-traits" ++version = "0.2.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "oci" ++version = "0.1.0" ++dependencies = [ ++ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_derive 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "prctl" ++version = "1.0.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "quote" ++version = "0.3.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "railcar" ++version = "1.0.4" ++dependencies = [ ++ "caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)", ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)", ++ "nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)", ++ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "oci 0.1.0", ++ "prctl 
1.0.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "redox_syscall" ++version = "0.1.43" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "redox_termios" ++version = "0.1.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "rustc-demangle" ++version = "0.1.9" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "scopeguard" ++version = "0.3.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "seccomp-sys" ++version = "0.1.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde" ++version = "0.9.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "serde_codegen_internals" ++version = "0.14.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde_derive" ++version = "0.9.15" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)", ++ "syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "serde_json" ++version = "0.9.10" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "dtoa 0.4.3 
(registry+https://github.com/rust-lang/crates.io-index)", ++ "itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)", ++ "num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "strsim" ++version = "0.7.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "syn" ++version = "0.11.11" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)", ++ "synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)", ++ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "synom" ++version = "0.11.3" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "termion" ++version = "1.5.1" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)", ++ "redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)", ++ "redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "textwrap" ++version = "0.10.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "unicode-width" ++version = "0.1.5" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "unicode-xid" ++version = "0.0.4" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "vec_map" ++version = "0.8.1" ++source = 
"registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "void" ++version = "1.0.2" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "winapi" ++version = "0.3.6" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++dependencies = [ ++ "winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++ "winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)", ++] ++ ++[[package]] ++name = "winapi-i686-pc-windows-gnu" ++version = "0.4.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[[package]] ++name = "winapi-x86_64-pc-windows-gnu" ++version = "0.4.0" ++source = "registry+https://github.com/rust-lang/crates.io-index" ++ ++[metadata] ++"checksum ansi_term 0.11.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ee49baf6cb617b853aa8d93bf420db2383fab46d314482ca2803b40d5fde979b" ++"checksum atty 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "9a7d5b8723950951411ee34d271d99dddcc2035a16ab25310ea2c8cfd4369652" ++"checksum backtrace 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "89a47830402e9981c5c41223151efcced65a0510c13097c769cede7efb34782a" ++"checksum backtrace-sys 0.1.24 (registry+https://github.com/rust-lang/crates.io-index)" = "c66d56ac8dabd07f6aacdaf633f4b8262f5b3601a810a0dcddffd5c22c69daa0" ++"checksum bitflags 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "aad18937a628ec6abcd26d1489012cc0e18c21798210f491af69ded9b881106d" ++"checksum bitflags 1.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "228047a76f468627ca71776ecdebd732a3423081fcf5125585bcd7c49886ce12" ++"checksum caps 0.0.1 (registry+https://github.com/rust-lang/crates.io-index)" = "2c238ba41e8d1d354c8576228110585046ae379efd7af972932993d5c1d41c7d" ++"checksum cc 1.0.25 (registry+https://github.com/rust-lang/crates.io-index)" = 
"f159dfd43363c4d08055a07703eb7a3406b0dac4d0584d96965a3262db3c9d16" ++"checksum cfg-if 0.1.6 (registry+https://github.com/rust-lang/crates.io-index)" = "082bb9b28e00d3c9d39cc03e64ce4cea0f1bb9b3fde493f0cbc008472d22bdf4" ++"checksum clap 2.32.0 (registry+https://github.com/rust-lang/crates.io-index)" = "b957d88f4b6a63b9d70d5f454ac8011819c6efa7727858f458ab71c756ce2d3e" ++"checksum custom_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "ef8ae57c4978a2acd8b869ce6b9ca1dfe817bff704c220209fdef2c0b75a01b9" ++"checksum dtoa 0.4.3 (registry+https://github.com/rust-lang/crates.io-index)" = "6d301140eb411af13d3115f9a562c85cc6b541ade9dfa314132244aaee7489dd" ++"checksum enum_derive 0.1.7 (registry+https://github.com/rust-lang/crates.io-index)" = "406ac2a8c9eedf8af9ee1489bee9e50029278a6456c740f7454cf8a158abc816" ++"checksum error-chain 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "d9435d864e017c3c6afeac1654189b06cdb491cf2ff73dbf0d73b0f292f42ff8" ++"checksum error-chain 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "6930e04918388a9a2e41d518c25cf679ccafe26733fb4127dbf21993f2575d46" ++"checksum itoa 0.3.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8324a32baf01e2ae060e9de58ed0bc2320c9a2833491ee36cd3b4c414de4db8c" ++"checksum lazy_static 0.2.11 (registry+https://github.com/rust-lang/crates.io-index)" = "76f033c7ad61445c5b347c7382dd1237847eb1bce590fe50365dcb33d546be73" ++"checksum libc 0.2.45 (registry+https://github.com/rust-lang/crates.io-index)" = "2d2857ec59fadc0773853c664d2d18e7198e83883e7060b63c924cb077bd5c74" ++"checksum log 0.3.9 (registry+https://github.com/rust-lang/crates.io-index)" = "e19e8d5c34a3e0e2223db8e060f9e8264aeeb5c5fc64a4ee9965c062211c024b" ++"checksum log 0.4.6 (registry+https://github.com/rust-lang/crates.io-index)" = "c84ec4b527950aa83a329754b01dbe3f58361d1c5efacd1f6d68c494d08a17c6" ++"checksum nix 0.12.0 (registry+https://github.com/rust-lang/crates.io-index)" = 
"921f61dc817b379d0834e45d5ec45beaacfae97082090a49c2cf30dcbc30206f" ++"checksum nix 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "47e49f6982987135c5e9620ab317623e723bd06738fd85377e8d55f57c8b6487" ++"checksum num-traits 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "92e5113e9fd4cc14ded8e499429f396a20f98c772a47cc8622a736e1ec843c31" ++"checksum num-traits 0.2.6 (registry+https://github.com/rust-lang/crates.io-index)" = "0b3a5d7cc97d6d30d8b9bc8fa19bf45349ffe46241e8816f50f62f6d6aaabee1" ++"checksum prctl 1.0.0 (registry+https://github.com/rust-lang/crates.io-index)" = "059a34f111a9dee2ce1ac2826a68b24601c4298cfeb1a587c3cb493d5ab46f52" ++"checksum quote 0.3.15 (registry+https://github.com/rust-lang/crates.io-index)" = "7a6e920b65c65f10b2ae65c831a81a073a89edd28c7cce89475bff467ab4167a" ++"checksum redox_syscall 0.1.43 (registry+https://github.com/rust-lang/crates.io-index)" = "679da7508e9a6390aeaf7fbd02a800fdc64b73fe2204dd2c8ae66d22d9d5ad5d" ++"checksum redox_termios 0.1.1 (registry+https://github.com/rust-lang/crates.io-index)" = "7e891cfe48e9100a70a3b6eb652fef28920c117d366339687bd5576160db0f76" ++"checksum rustc-demangle 0.1.9 (registry+https://github.com/rust-lang/crates.io-index)" = "bcfe5b13211b4d78e5c2cadfebd7769197d95c639c35a50057eb4c05de811395" ++"checksum scopeguard 0.3.3 (registry+https://github.com/rust-lang/crates.io-index)" = "94258f53601af11e6a49f722422f6e3425c52b06245a5cf9bc09908b174f5e27" ++"checksum seccomp-sys 0.1.2 (registry+https://github.com/rust-lang/crates.io-index)" = "0d4082b110d25cf281ddbf78dc56e1a65c929fd72ac6c2deb1a4c20a23999dfa" ++"checksum serde 0.9.15 (registry+https://github.com/rust-lang/crates.io-index)" = "34b623917345a631dc9608d5194cc206b3fe6c3554cd1c75b937e55e285254af" ++"checksum serde_codegen_internals 0.14.2 (registry+https://github.com/rust-lang/crates.io-index)" = "bc888bd283bd2420b16ad0d860e35ad8acb21941180a83a189bb2046f9d00400" ++"checksum serde_derive 0.9.15 
(registry+https://github.com/rust-lang/crates.io-index)" = "978fd866f4d4872084a81ccc35e275158351d3b9fe620074e7d7504b816b74ba" ++"checksum serde_json 0.9.10 (registry+https://github.com/rust-lang/crates.io-index)" = "ad8bcf487be7d2e15d3d543f04312de991d631cfe1b43ea0ade69e6a8a5b16a1" ++"checksum strsim 0.7.0 (registry+https://github.com/rust-lang/crates.io-index)" = "bb4f380125926a99e52bc279241539c018323fab05ad6368b56f93d9369ff550" ++"checksum syn 0.11.11 (registry+https://github.com/rust-lang/crates.io-index)" = "d3b891b9015c88c576343b9b3e41c2c11a51c219ef067b264bd9c8aa9b441dad" ++"checksum synom 0.11.3 (registry+https://github.com/rust-lang/crates.io-index)" = "a393066ed9010ebaed60b9eafa373d4b1baac186dd7e008555b0f702b51945b6" ++"checksum termion 1.5.1 (registry+https://github.com/rust-lang/crates.io-index)" = "689a3bdfaab439fd92bc87df5c4c78417d3cbe537487274e9b0b2dce76e92096" ++"checksum textwrap 0.10.0 (registry+https://github.com/rust-lang/crates.io-index)" = "307686869c93e71f94da64286f9a9524c0f308a9e1c87a583de8e9c9039ad3f6" ++"checksum unicode-width 0.1.5 (registry+https://github.com/rust-lang/crates.io-index)" = "882386231c45df4700b275c7ff55b6f3698780a650026380e72dabe76fa46526" ++"checksum unicode-xid 0.0.4 (registry+https://github.com/rust-lang/crates.io-index)" = "8c1f860d7d29cf02cb2f3f359fd35991af3d30bac52c57d265a3c461074cb4dc" ++"checksum vec_map 0.8.1 (registry+https://github.com/rust-lang/crates.io-index)" = "05c78687fb1a80548ae3250346c3db86a80a7cdd77bda190189f2d0a0987c81a" ++"checksum void 1.0.2 (registry+https://github.com/rust-lang/crates.io-index)" = "6a02e4885ed3bc0f2de90ea6dd45ebcbb66dacffe03547fadbb0eeae2770887d" ++"checksum winapi 0.3.6 (registry+https://github.com/rust-lang/crates.io-index)" = "92c1eb33641e276cfa214a0522acad57be5c56b10cb348b3c5117db75f3ac4b0" ++"checksum winapi-i686-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6" ++"checksum 
winapi-x86_64-pc-windows-gnu 0.4.0 (registry+https://github.com/rust-lang/crates.io-index)" = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f" +-- +2.17.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/railcar/default.nix b/nixpkgs/pkgs/applications/virtualization/railcar/default.nix new file mode 100644 index 000000000000..fda95b41ab5d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/railcar/default.nix @@ -0,0 +1,27 @@ +{ lib, fetchFromGitHub, rustPlatform, libseccomp }: + +rustPlatform.buildRustPackage rec { + pname = "railcar"; + version = "1.0.4"; + + src = fetchFromGitHub { + owner = "oracle"; + repo = "railcar"; + rev = "v${version}"; + sha256 = "09zn160qxd7760ii6rs5nhr00qmaz49x1plclscznxh9hinyjyh9"; + }; + + # Submitted upstream https://github.com/oracle/railcar/pull/44 + cargoPatches = [ ./cargo-lock.patch ]; + cargoSha256 = "10qxkxpdprl2rcgy52s3q5gyg3i75qmx68rpl7cx1bgjzppfn9c3"; + + buildInputs = [ libseccomp ]; + + meta = with lib; { + description = "Rust implementation of the Open Containers Initiative oci-runtime"; + homepage = "https://github.com/oracle/railcar"; + license = with licenses; [ asl20 /* or */ upl ]; + maintainers = [ maintainers.spacekookie ]; + platforms = platforms.all; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix b/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix new file mode 100644 index 000000000000..dcc5efb6504a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/remotebox/default.nix 
@@ -0,0 +1,42 @@
+{ stdenv, fetchurl, makeWrapper, perl, perlPackages }:
+
+stdenv.mkDerivation rec {
+ pname = "remotebox";
+ version = "2.7";
+
+ src = fetchurl {
+ url = "http://remotebox.knobgoblin.org.uk/downloads/RemoteBox-${version}.tar.bz2";
+ sha256 = "0csf6gd7pqq4abia4z0zpzlq865ri1z0821kjy7p3iawqlfn75pb";
+ };
+
+ buildInputs = with perlPackages; [ perl Glib Gtk2 Pango SOAPLite ];
+ nativeBuildInputs = [ makeWrapper ];
+
+ installPhase = ''
+ mkdir -pv $out/bin
+
+ substituteInPlace remotebox --replace "\$Bin/" "\$Bin/../"
+ install -v -t $out/bin remotebox
+ wrapProgram $out/bin/remotebox --prefix PERL5LIB : $PERL5LIB
+
+ cp -av docs/ share/ $out
+
+ mkdir -pv $out/share/applications
+ cp -pv packagers-readme/*.desktop $out/share/applications
+ '';
+
+ meta = with stdenv.lib; {
+ description = "VirtualBox client with remote management";
+ homepage = "http://remotebox.knobgoblin.org.uk/";
+ license = licenses.gpl2Plus;
+ longDescription = ''
+ VirtualBox is traditionally considered to be a virtualization solution
+ aimed at the desktop. While it is certainly possible to install
+ VirtualBox on a server, it offers few remote management features beyond
+ using the vboxmanage command line.
+ RemoteBox aims to fill this gap by providing a graphical VirtualBox
+ client which is able to manage a VirtualBox server installation.
+ '';
+ platforms = platforms.all;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix
new file mode 100644
index 000000000000..f3b68e5c2276
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix
@@ -0,0 +1,78 @@ +{ stdenv, lib, autoreconfHook, acl, go, file, git, wget, gnupg, trousers, squashfsTools, + cpio, fetchurl, fetchFromGitHub, iptables, systemd, makeWrapper, glibc }: + +let + # Always get the information from + # https://github.com/coreos/rkt/blob/v${VERSION}/stage1/usr_from_coreos/coreos-common.mk + coreosImageRelease = "1478.0.0"; + coreosImageSystemdVersion = "233"; + + # TODO: track https://github.com/coreos/rkt/issues/1758 to allow "host" flavor. + stage1Flavours = [ "coreos" "fly" ]; + stage1Dir = "lib/rkt/stage1-images"; + +in stdenv.mkDerivation rec { + version = "1.30.0"; + pname = "rkt"; + BUILDDIR="build-${pname}-${version}"; + + src = fetchFromGitHub { + owner = "coreos"; + repo = "rkt"; + rev = "v${version}"; + sha256 = "0dqf83b7iin1np8k8k1m8i99ybga8vx932q7n2q64yghkw7p6i00"; + }; + + stage1BaseImage = fetchurl { + url = "http://alpha.release.core-os.net/amd64-usr/${coreosImageRelease}/coreos_production_pxe_image.cpio.gz"; + sha256 = "0s4qdkkfp0iirfnm5ds3b3hxq0249kvpygyhflma8z90ivkzk5wq"; + }; + + buildInputs = [ + glibc.out glibc.static + autoreconfHook go file git wget gnupg trousers squashfsTools cpio acl systemd + makeWrapper + ]; + + preConfigure = '' + ./autogen.sh + configureFlagsArray=( + --with-stage1-flavors=${builtins.concatStringsSep "," stage1Flavours} + ${if lib.findFirst (p: p == "coreos") null stage1Flavours != null then " + --with-coreos-local-pxe-image-path=${stage1BaseImage} + --with-coreos-local-pxe-image-systemd-version=v${coreosImageSystemdVersion} + " else "" } + --with-stage1-default-location=$out/${stage1Dir}/stage1-${builtins.elemAt stage1Flavours 0}.aci + ); + ''; + + preBuild = '' + export BUILDDIR + export GOCACHE="$TMPDIR/go-cache" + ''; + + installPhase = '' + mkdir -p $out/bin + cp -Rv $BUILDDIR/target/bin/rkt $out/bin + + mkdir -p $out/lib/rkt/stage1-images/ + cp -Rv $BUILDDIR/target/bin/stage1-*.aci $out/${stage1Dir}/ + + wrapProgram $out/bin/rkt \ + --prefix LD_LIBRARY_PATH : 
"${systemd.lib}/lib:${acl.out}/lib" \ + --prefix PATH : ${iptables}/bin + ''; + + meta = with lib; { + description = "A fast, composable, and secure App Container runtime for Linux"; + homepage = "https://github.com/coreos/rkt"; + license = licenses.asl20; + maintainers = with maintainers; [ ragge steveej ]; + platforms = [ "x86_64-linux" ]; + knownVulnerabilities = [ + "CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2" + "CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2" + "CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2" + ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/runc/default.nix b/nixpkgs/pkgs/applications/virtualization/runc/default.nix new file mode 100644 index 000000000000..95db2a1d9e9a --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/runc/default.nix 
@@ -0,0 +1,52 @@ +{ lib +, fetchFromGitHub +, buildGoPackage +, go-md2man +, installShellFiles +, pkg-config +, which +, libapparmor +, apparmor-parser +, libseccomp +}: + +buildGoPackage rec { + pname = "runc"; + version = "1.0.0-rc10"; + + src = fetchFromGitHub { + owner = "opencontainers"; + repo = "runc"; + rev = "v${version}"; + sha256 = "0pi3rvj585997m4z9ljkxz2z9yxf9p2jr0pmqbqrc7bc95f5hagk"; + }; + + goPackagePath = "github.com/opencontainers/runc"; + outputs = [ "out" "man" ]; + + nativeBuildInputs = [ go-md2man installShellFiles pkg-config which ]; + buildInputs = [ libseccomp libapparmor apparmor-parser ]; + + makeFlags = [ "BUILDTAGS+=seccomp" "BUILDTAGS+=apparmor" ]; + + buildPhase = '' + cd go/src/${goPackagePath} + patchShebangs . + substituteInPlace libcontainer/apparmor/apparmor.go \ + --replace /sbin/apparmor_parser ${apparmor-parser}/bin/apparmor_parser + make ${toString makeFlags} runc man + ''; + + installPhase = '' + install -Dm755 runc $out/bin/runc + installManPage man/*/*.[1-9] + ''; + + meta = with lib; { + homepage = "https://github.com/opencontainers/runc"; + description = "A CLI tool for spawning and running containers according to the OCI specification"; + license = licenses.asl20; + maintainers = with maintainers; [ offline ] ++ teams.podman.members; + platforms = platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/seabios/default.nix b/nixpkgs/pkgs/applications/virtualization/seabios/default.nix new file mode 100644 index 000000000000..d95f759783d2 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/seabios/default.nix 
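Review bot: The `substituteInPlace libcontainer/apparmor/apparmor.go --replace /sbin/apparmor_parser ${apparmor-parser}/bin/apparmor_parser` step in `buildPhase` has no check that it matched anything. If upstream moves or rewrites that string, the build would presumably still succeed, and the installed runc would look for `/sbin/apparmor_parser` at run time, which is the host-path dependency this substitution is meant to remove. A guard on the next line, `grep -q '${apparmor-parser}/bin/apparmor_parser' libcontainer/apparmor/apparmor.go`, turns a silent miss into a build failure. A one-line comment stating why the parser path is pinned to the store would also help the next person who bumps `version`.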
@@ -0,0 +1,46 @@ +{ stdenv, fetchurl, iasl, python }: + +stdenv.mkDerivation rec { + + pname = "seabios"; + version = "1.13.0"; + + src = fetchurl { + url = "https://www.seabios.org/downloads/${pname}-${version}.tar.gz"; + sha256 = "00z7vdahpxa37irlf8ld350dp6z9qfyfb56vbfqr319hsv13srrp"; + }; + + buildInputs = [ iasl python ]; + + hardeningDisable = [ "pic" "stackprotector" "fortify" ]; + + configurePhase = '' + # build SeaBIOS for CSM + cat > .config << EOF + CONFIG_CSM=y + CONFIG_QEMU_HARDWARE=y + CONFIG_PERMIT_UNALIGNED_PCIROM=y + EOF + + make olddefconfig + ''; + + installPhase = '' + mkdir $out + cp out/Csm16.bin $out/Csm16.bin + ''; + + meta = with stdenv.lib; { + description = "Open source implementation of a 16bit X86 BIOS"; + longDescription = '' + SeaBIOS is an open source implementation of a 16bit X86 BIOS. + It can run in an emulator or it can run natively on X86 hardware with the use of coreboot. + SeaBIOS is the default BIOS for QEMU and KVM. + ''; + homepage = "http://www.seabios.org"; + license = licenses.lgpl3; + maintainers = [ maintainers.tstrobel ]; + platforms = [ "i686-linux" "x86_64-linux" ]; + }; +} + diff --git a/nixpkgs/pkgs/applications/virtualization/singularity/default.nix b/nixpkgs/pkgs/applications/virtualization/singularity/default.nix new file mode 100644 index 000000000000..f6a1a3bc6a91 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/singularity/default.nix 
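Review bot: `hardeningDisable = [ "pic" "stackprotector" "fortify" ];` switches off three compiler hardening flags without saying why. For a firmware image this is probably a build requirement rather than a shortcut, but the file should state it so the line is neither copied into ordinary packages nor partly reverted by guesswork. Proposed comment above it: `# SeaBIOS is freestanding firmware; these flags assume a hosted, position-independent build (TODO confirm each entry is still needed)`. Separately, `homepage` uses `http://www.seabios.org` while `src` already uses `https://www.seabios.org`; the two should agree.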
@@ -0,0 +1,76 @@ +{stdenv +, removeReferencesTo +, lib +, fetchFromGitHub +, utillinux +, openssl +, coreutils +, go +, which +, makeWrapper +, squashfsTools +, buildGoPackage}: + +with lib; + +buildGoPackage rec { + pname = "singularity"; + version = "3.2.1"; + + src = fetchFromGitHub { + owner = "sylabs"; + repo = "singularity"; + rev = "v${version}"; + sha256 = "14lhxwy21s7q081x7kbnvkjsbxgsg2f181qlzmlxcn6n7gfav3kj"; + }; + + goPackagePath = "github.com/sylabs/singularity"; + goDeps = ./deps.nix; + + buildInputs = [ openssl utillinux ]; + nativeBuildInputs = [ removeReferencesTo which makeWrapper ]; + propagatedBuildInputs = [ coreutils squashfsTools ]; + + prePatch = '' + substituteInPlace internal/pkg/build/copy/copy.go \ + --replace /bin/cp ${coreutils}/bin/cp + ''; + + postConfigure = '' + cd go/src/github.com/sylabs/singularity + + patchShebangs . + sed -i 's|defaultPath := "[^"]*"|defaultPath := "${stdenv.lib.makeBinPath propagatedBuildInputs}"|' cmd/internal/cli/actions.go + + ./mconfig -V ${version} -p $out --localstatedir=/var + + # Don't install SUID binaries + sed -i 's/-m 4755/-m 755/g' builddir/Makefile + + ''; + + buildPhase = '' + make -C builddir + ''; + + installPhase = '' + make -C builddir install LOCALSTATEDIR=$out/var + chmod 755 $out/libexec/singularity/bin/starter-suid + wrapProgram $out/bin/singularity --prefix PATH : ${stdenv.lib.makeBinPath propagatedBuildInputs} + ''; + + postFixup = '' + find $out/libexec/ -type f -executable -exec remove-references-to -t ${go} '{}' + || true + + # These etc scripts shouldn't have their paths patched + cp etc/actions/* $out/etc/singularity/actions/ + ''; + + meta = with stdenv.lib; { + homepage = "http://www.sylabs.io/"; + description = "Application containers for linux"; + license = licenses.bsd3; + platforms = platforms.linux; + maintainers = [ maintainers.jbedo ]; + }; +} 
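Review bot: The setuid handling depends on `sed -i 's/-m 4755/-m 755/g' builddir/Makefile` in `postConfigure` matching, and nothing verifies the outcome. If a later upstream Makefile spells the install mode differently, the sed becomes a no-op and the stated intent ("Don't install SUID binaries") is no longer enforced by this file. Ending `installPhase` with `test ! -u $out/libexec/singularity/bin/starter-suid` would assert it. The comment should also say how `starter-suid` is expected to obtain privileges at run time (presumably a setuid wrapper configured outside this package), since the binary is still shipped under that name with mode 755. The `|| true` after `remove-references-to` in `postFixup` hides failures in the same way and deserves a one-line reason.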
diff --git a/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix b/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix
new file mode 100644
index 000000000000..fe51488c7066
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/singularity/deps.nix
@@ -0,0 +1 @@
+[]
diff --git a/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix
new file mode 100644
index 000000000000..22aa31a6dea3
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/spice-vdagent/default.nix
@@ -0,0 +1,33 @@
+{stdenv, fetchurl, pkgconfig, alsaLib, spice-protocol, glib,
+ libpciaccess, libxcb, libXrandr, libXinerama, libXfixes, dbus, libdrm,
+ systemd}:
+stdenv.mkDerivation rec {
+ name = "spice-vdagent-0.20.0";
+ src = fetchurl {
+ url = "https://www.spice-space.org/download/releases/${name}.tar.bz2";
+ sha256 = "0n9k2kna2gd1zi6jv45zsp2jlv439nz5l5jjijirxqaycwi74srf";
+ };
+ NIX_CFLAGS_COMPILE = [ "-Wno-error=address-of-packed-member" ];
+ postPatch = ''
+ substituteInPlace data/spice-vdagent.desktop --replace /usr $out
+ '';
+ nativeBuildInputs = [ pkgconfig ];
+ buildInputs = [ alsaLib spice-protocol glib libdrm
+ libpciaccess libxcb libXrandr libXinerama libXfixes
+ dbus systemd ] ;
+ meta = {
+ description = "Enhanced SPICE integration for linux QEMU guest";
+ longDescription = ''
+ Spice agent for linux guests offering
+ * Client mouse mode
+ * Copy and paste
+ * Automatic adjustment of the X-session resolution
+ to the client resolution
+ * Multiple displays
+ '';
+ homepage = "https://www.spice-space.org/";
+ license = stdenv.lib.licenses.gpl3;
+ maintainers = [ stdenv.lib.maintainers.aboseley ];
+ platforms = stdenv.lib.platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/spike/default.nix b/nixpkgs/pkgs/applications/virtualization/spike/default.nix
new file mode 100644
index 000000000000..0f397bc272a9
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/spike/default.nix
@@ -0,0 +1,34 @@
+{ stdenv, fetchgit, dtc, nixosTests }:
+
+stdenv.mkDerivation rec {
+ pname = "spike";
+ version = "1.0.0";
+
+ src = fetchgit {
+ url = "https://github.com/riscv/riscv-isa-sim.git";
+ rev = "v${version}";
+ sha256 = "1hcl01nj96s3rkz4mrq747s5lkw81lgdjdimb8b1b9h8qnida7ww";
+ };
+
+ nativeBuildInputs = [ dtc ];
+ enableParallelBuilding = true;
+
+ patchPhase = ''
+ patchShebangs scripts/*.sh
+ patchShebangs tests/ebreak.py
+ '';
+
+ doCheck = true;
+
+ passthru.tests = {
+ can-run-hello-world = nixosTests.spike;
+ };
+
+ meta = with stdenv.lib; {
+ description = "A RISC-V ISA Simulator";
+ homepage = "https://github.com/riscv/riscv-isa-sim";
+ license = licenses.bsd3;
+ platforms = [ "x86_64-linux" "aarch64-linux" ];
+ maintainers = with maintainers; [ blitz ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/tini/default.nix b/nixpkgs/pkgs/applications/virtualization/tini/default.nix
new file mode 100644
index 000000000000..db3fb1c96eb3
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/tini/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchFromGitHub, cmake, glibc }:
+
+stdenv.mkDerivation rec {
+ version = "0.19.0";
+ pname = "tini";
+
+ src = fetchFromGitHub {
+ owner = "krallin";
+ repo = "tini";
+ rev = "v${version}";
+ sha256 ="1hnnvjydg7gi5gx6nibjjdnfipblh84qcpajc08nvr44rkzswck4";
+ };
+
+ patchPhase = "sed -i /tini-static/d CMakeLists.txt";
+
+ NIX_CFLAGS_COMPILE = "-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37";
+
+ buildInputs = [ cmake glibc glibc.static ];
+
+ meta = with stdenv.lib; {
+ description = "A tiny but valid init for containers";
+ homepage = "https://github.com/krallin/tini";
+ license = licenses.mit;
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix b/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix
new file mode 100644
index 000000000000..2c9098993d8f
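Review bot: In the tini hunk, `NIX_CFLAGS_COMPILE = "-DPR_SET_CHILD_SUBREAPER=36 -DPR_GET_CHILD_SUBREAPER=37";` hard-codes two prctl option numbers on the compiler command line with no comment. A reader cannot tell whether the headers used in this build lack the definitions or whether the flags are left over, and subreaper behaviour is central to what an init for containers does. Proposed comment above the line: `# prctl subreaper constants supplied by hand because the headers used here do not define them (TODO confirm still needed)`. Separately, assigning `patchPhase` directly means a `patches` list added later would not be applied; `postPatch = "sed -i /tini-static/d CMakeLists.txt";` keeps the default phase intact.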
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/tinyemu/default.nix
@@ -0,0 +1,23 @@
+{ stdenv, fetchurl, openssl, curl, SDL }:
+
+stdenv.mkDerivation rec {
+ pname = "tinyemu";
+ version = "2018-09-23";
+ src = fetchurl {
+ url = "https://bellard.org/tinyemu/${pname}-${version}.tar.gz";
+ sha256 = "0d6payyqf4lpvmmzvlpq1i8wpbg4sf3h6llsw0xnqdgq3m9dan4v";
+ };
+ buildInputs = [ openssl curl SDL ];
+ makeFlags = [ "DESTDIR=$(out)" "bindir=/bin" ];
+ preInstall = ''
+ mkdir -p "$out/bin"
+ '';
+ meta = {
+ homepage = "https://bellard.org/tinyemu/";
+ description = "A system emulator for the RISC-V and x86 architectures";
+ longDescription = "TinyEMU is a system emulator for the RISC-V and x86 architectures. Its purpose is to be small and simple while being complete.";
+ license = with stdenv.lib.licenses; [ mit bsd2 ];
+ platforms = stdenv.lib.platforms.linux;
+ maintainers = with stdenv.lib.maintainers; [ jhhuh ];
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/umoci/default.nix b/nixpkgs/pkgs/applications/virtualization/umoci/default.nix
new file mode 100644
index 000000000000..f07bb0fc164e
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/umoci/default.nix
@@ -0,0 +1,25 @@
+{ lib, fetchFromGitHub, buildGoPackage }:
+
+buildGoPackage rec {
+ pname = "umoci";
+ version = "0.4.5";
+
+ src = fetchFromGitHub {
+ owner = "openSUSE";
+ repo = "umoci";
+ rev = "v${version}";
+ sha256 = "1gzj4nnys73wajdwjn5jsskvnhzh8s2vmyl76ax8drpvw19bd5g3";
+ };
+
+ goPackagePath = "github.com/openSUSE/umoci";
+
+ buildFlagsArray = [ "-ldflags=-s -w -X main.version=${version}" ];
+
+ meta = with lib; {
+ description = "umoci modifies Open Container images";
+ homepage = "https://umo.ci";
+ license = licenses.asl20;
+ maintainers = with maintainers; [ zokrezyl ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix
new file mode 100644
index 000000000000..952a30b139cf
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/virt-manager/default.nix
@@ -0,0 +1,71 @@ +{ stdenv, fetchurl, python3Packages, intltool, file +, wrapGAppsHook, gtk-vnc, vte, avahi, dconf +, gobject-introspection, libvirt-glib, system-libvirt +, gsettings-desktop-schemas, glib, libosinfo, gnome3 +, gtksourceview4 +, spiceSupport ? true, spice-gtk ? null +, cpio, e2fsprogs, findutils, gzip +}: + +with stdenv.lib; + +python3Packages.buildPythonApplication rec { + pname = "virt-manager"; + version = "2.2.1"; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/virt-manager/${pname}-${version}.tar.gz"; + sha256 = "06ws0agxlip6p6n3n43knsnjyd91gqhh2dadgc33wl9lx1k8vn6g"; + }; + + nativeBuildInputs = [ + intltool file + gobject-introspection # for setup hook populating GI_TYPELIB_PATH + ]; + + buildInputs = [ + wrapGAppsHook + libvirt-glib vte dconf gtk-vnc gnome3.adwaita-icon-theme avahi + gsettings-desktop-schemas libosinfo gtksourceview4 + gobject-introspection # Temporary fix, see https://github.com/NixOS/nixpkgs/issues/56943 + ] ++ optional spiceSupport spice-gtk; + + propagatedBuildInputs = with python3Packages; + [ + pygobject3 ipaddress libvirt libxml2 requests + ]; + + patchPhase = '' + sed -i 's|/usr/share/libvirt/cpu_map.xml|${system-libvirt}/share/libvirt/cpu_map.xml|g' virtinst/capabilities.py + sed -i "/'install_egg_info'/d" setup.py + ''; + + postConfigure = '' + ${python3Packages.python.interpreter} setup.py configure --prefix=$out + ''; + + setupPyGlobalFlags = [ "--no-update-icon-cache" ]; + + preFixup = '' + gappsWrapperArgs+=(--set PYTHONPATH "$PYTHONPATH") + # these are called from virt-install in initrdinject.py + gappsWrapperArgs+=(--prefix PATH : "${makeBinPath [ cpio e2fsprogs file findutils gzip ]}") + ''; + + # Failed tests + doCheck = false; + + meta = with stdenv.lib; { + homepage = "http://virt-manager.org"; + description = "Desktop user interface for managing virtual machines"; + longDescription = '' + The virt-manager application is a desktop user interface for managing + virtual machines 
through libvirt. It primarily targets KVM VMs, but also + manages Xen and LXC (linux containers). + ''; + license = licenses.gpl2; + # exclude Darwin since libvirt-glib currently doesn't build there + platforms = platforms.linux; + maintainers = with maintainers; [ qknight offline fpletz globin ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix b/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix new file mode 100644 index 000000000000..85bc7c428ff2 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-manager/qt.nix @@ -0,0 +1,43 @@ +{ mkDerivation, lib, fetchFromGitHub, cmake, pkgconfig +, qtbase, qtmultimedia, qtsvg, qttools, krdc +, libvncserver, libvirt, pcre, pixman, qtermwidget, spice-gtk, spice-protocol +, libselinux, libsepol, utillinux +}: + +mkDerivation rec { + pname = "virt-manager-qt"; + version = "0.70.91"; + + src = fetchFromGitHub { + owner = "F1ash"; + repo = "qt-virt-manager"; + rev = version; + sha256 = "1z2kq88lljvr24z1kizvg3h7ckf545h4kjhhrjggkr0w4wjjwr43"; + }; + + cmakeFlags = [ + "-DBUILD_QT_VERSION=5" + "-DQTERMWIDGET_INCLUDE_DIRS=${qtermwidget}/include/qtermwidget5" + ]; + + buildInputs = [ + qtbase qtmultimedia qtsvg krdc + libvirt libvncserver pcre pixman qtermwidget spice-gtk spice-protocol + libselinux libsepol utillinux + ]; + + nativeBuildInputs = [ cmake pkgconfig qttools ]; + + meta = with lib; { + homepage = "https://f1ash.github.io/qt-virt-manager"; + description = "Desktop user interface for managing virtual machines (QT)"; + longDescription = '' + The virt-manager application is a desktop user interface for managing + virtual machines through libvirt. It primarily targets KVM VMs, but also + manages Xen and LXC (linux containers). + ''; + license = licenses.gpl2; + maintainers = with maintainers; [ peterhoeg ]; + inherit (qtbase.meta) platforms; + }; +} 
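Review bot: `src` in the virt-manager `default.nix` hunk is fetched from `http://virt-manager.org/download/sources/...` over plain HTTP. The `sha256` pins what a build accepts, so a tampered download fails; the weak spot is the update path, where a maintainer who recomputes the hash from an HTTP download records whatever the network delivered. Prefer an `https://` URL where the host serves one, and otherwise add a comment next to `url` such as `# http only: verify the tarball against an independently obtained copy before changing sha256`. The same applies to `stage1BaseImage` in the rkt hunk and to `src` in the virt-viewer, virtinst and guest-additions hunks.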
diff --git a/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix
new file mode 100644
index 000000000000..7ad60405f1b8
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/virt-top/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchgit, ocamlPackages, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+ pname = "virt-top";
+ version = "1.0.9";
+
+ src = fetchgit {
+ url = "git://git.annexia.org/virt-top.git";
+ rev = "v${version}";
+ sha256 = "0m7pm8lzlpngsj0vjv0hg8l9ck3gvwpva7r472f8f03xpjffwiga";
+ };
+
+ nativeBuildInputs = [ autoreconfHook ];
+ buildInputs = with ocamlPackages; [ ocaml findlib ocaml_extlib ocaml_libvirt gettext-stub curses csv xml-light ];
+
+ buildPhase = "make opt";
+
+ meta = with stdenv.lib; {
+ description = "A top-like utility for showing stats of virtualized domains";
+ homepage = "https://people.redhat.com/~rjones/virt-top/";
+ license = licenses.gpl2;
+ maintainers = [ maintainers.volth ];
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix
new file mode 100644
index 000000000000..41e6c425a81a
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/virt-viewer/default.nix
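Review bot: `url = "git://git.annexia.org/virt-top.git";` in the virt-top hunk uses the git protocol, which has no transport authentication or encryption. The fixed `sha256` still protects builds, but a hash refreshed over `git://` during a version bump has nothing behind it except the network path, and `rev = "v${version}"` is a tag name rather than a commit id. If the server offers the repository over https, use that URL; otherwise add a comment beside `url` saying that the hash must be checked against an independently obtained copy when it is updated.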
@@ -0,0 +1,46 @@ +{ stdenv, fetchurl, pkgconfig, intltool, shared-mime-info, wrapGAppsHook +, glib, gsettings-desktop-schemas, gtk-vnc, gtk3, libvirt, libvirt-glib, libxml2, vte +, spiceSupport ? true +, spice-gtk ? null, spice-protocol ? null, libcap ? null, gdbm ? null +}: + +assert spiceSupport -> + spice-gtk != null && spice-protocol != null && libcap != null && gdbm != null; + +with stdenv.lib; + +stdenv.mkDerivation rec { + baseName = "virt-viewer"; + version = "9.0"; + name = "${baseName}-${version}"; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/${baseName}/${name}.tar.gz"; + sha256 = "09a83mzyn3b4nd7wpa659g1zf1fjbzb79rk968bz6k5xl21k7d4i"; + }; + + nativeBuildInputs = [ pkgconfig intltool shared-mime-info wrapGAppsHook glib ]; + buildInputs = [ + glib gsettings-desktop-schemas gtk-vnc gtk3 libvirt libvirt-glib libxml2 vte + ] ++ optionals spiceSupport [ + spice-gtk spice-protocol libcap gdbm + ]; + + # Required for USB redirection PolicyKit rules file + propagatedUserEnvPkgs = optional spiceSupport spice-gtk; + + strictDeps = true; + enableParallelBuilding = true; + + meta = { + description = "A viewer for remote virtual machines"; + maintainers = [ maintainers.raskin ]; + platforms = platforms.linux; + license = licenses.gpl2; + }; + passthru = { + updateInfo = { + downloadPage = "http://virt-manager.org/download.html"; + }; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix b/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix new file mode 100644 index 000000000000..f3004267ed79 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virt-what/default.nix 
@@ -0,0 +1,19 @@
+{ stdenv, lib, fetchurl }:
+
+stdenv.mkDerivation rec {
+ pname = "virt-what";
+ version = "1.20";
+
+ src = fetchurl {
+ url = "https://people.redhat.com/~rjones/virt-what/files/${pname}-${version}.tar.gz";
+ sha256 = "1s0hg5w47gmnllbs935bx21k3zqrgvqx1wn0zzij2lfxkb9dq4zr";
+ };
+
+ meta = with lib; {
+ description = "Detect if running in a virtual machine and prints its type";
+ homepage = "https://people.redhat.com/~rjones/virt-what/";
+ maintainers = with maintainers; [ fpletz ];
+ license = licenses.gpl2Plus;
+ platforms = platforms.linux;
+ };
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix b/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix
new file mode 100644
index 000000000000..4d8987d6ed78
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/virtinst/default.nix
@@ -0,0 +1,47 @@ +{ stdenv, fetchurl, python2Packages, intltool, libxml2Python }: + +with stdenv.lib; + +let version = "0.600.4"; in + +stdenv.mkDerivation rec { + pname = "virtinst"; + inherit version; + + src = fetchurl { + url = "http://virt-manager.org/download/sources/virtinst/virtinst-${version}.tar.gz"; + sha256 = "175laiy49dni8hzi0cn14bbsdsigvgr9h6d9z2bcvbpa29spldvf"; + }; + + pythonPath = with python2Packages; + [ setuptools eventlet greenlet gflags netaddr carrot routes + PasteDeploy m2crypto ipy twisted + distutils_extra simplejson cheetah lockfile httplib2 + # !!! should libvirt be a build-time dependency? Note that + # libxml2Python is a dependency of libvirt.py. + libvirt libxml2Python urlgrabber + ]; + + buildInputs = + [ python2Packages.python + python2Packages.wrapPython + python2Packages.mox + intltool + ] ++ pythonPath; + + buildPhase = "python setup.py build"; + + installPhase = + '' + python setup.py install --prefix="$out"; + wrapPythonPrograms + ''; + + meta = { + homepage = "http://virt-manager.org"; + license = stdenv.lib.licenses.gpl2Plus; + maintainers = with stdenv.lib.maintainers; [qknight]; + description = "Command line tool which provides an easy way to provision operating systems into virtual machines"; + platforms = with stdenv.lib.platforms; linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix new file mode 100644 index 000000000000..7b7929d9f1d6 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/default.nix 
@@ -0,0 +1,236 @@ +{ config, stdenv, fetchurl, lib, iasl, dev86, pam, libxslt, libxml2, wrapQtAppsHook +, libX11, xorgproto, libXext, libXcursor, libXmu, libIDL, SDL, libcap, libGL +, libpng, glib, lvm2, libXrandr, libXinerama, libopus, qtbase, qtx11extras +, qttools, qtsvg, qtwayland, pkgconfig, which, docbook_xsl, docbook_xml_dtd_43 +, alsaLib, curl, libvpx, nettools, dbus, substituteAll, fetchpatch +# If open-watcom-bin is not passed, VirtualBox will fall back to use +# the shipped alternative sources (assembly). +, open-watcom-bin ? null +, makeself, perl +, javaBindings ? true, jdk ? null # Almost doesn't affect closure size +, pythonBindings ? false, python3 ? null +, extensionPack ? null, fakeroot ? null +, pulseSupport ? config.pulseaudio or stdenv.isLinux, libpulseaudio ? null +, enableHardening ? false +, headless ? false +, enable32bitGuests ? true +, patchelfUnstable # needed until 0.10 is released +}: + +with stdenv.lib; + +let + python = python3; + buildType = "release"; + # Use maintainers/scripts/update.nix to update the version and all related hashes or + # change the hashes in extpack.nix and guest-additions/default.nix as well manually. 
+ version = "6.1.6"; + + iasl' = iasl.overrideAttrs (old: rec { + inherit (old) pname; + version = "20190108"; + src = fetchurl { + url = "https://acpica.org/sites/acpica/files/acpica-unix-${version}.tar.gz"; + sha256 = "0bqhr3ndchvfhxb31147z8gd81dysyz5dwkvmp56832d0js2564q"; + }; + NIX_CFLAGS_COMPILE = old.NIX_CFLAGS_COMPILE + " -Wno-error=stringop-truncation"; + }); +in stdenv.mkDerivation { + pname = "virtualbox"; + inherit version; + + src = fetchurl { + url = "https://download.virtualbox.org/virtualbox/${version}/VirtualBox-${version}.tar.bz2"; + sha256 = "b031c30d770f28c5f884071ad933e8c1f83e65b93aaba03a4012077c1d90a54f"; + }; + + outputs = [ "out" "modsrc" ]; + + nativeBuildInputs = [ pkgconfig which docbook_xsl docbook_xml_dtd_43 patchelfUnstable ] + ++ optional (!headless) wrapQtAppsHook; + + # Wrap manually because we wrap just a small number of executables. + dontWrapQtApps = true; + + buildInputs = + [ iasl' dev86 libxslt libxml2 xorgproto libX11 libXext libXcursor libIDL + libcap glib lvm2 alsaLib curl libvpx pam makeself perl + libXmu libpng libopus python ] + ++ optional javaBindings jdk + ++ optional pythonBindings python # Python is needed even when not building bindings + ++ optional pulseSupport libpulseaudio + ++ optionals (headless) [ libXrandr libGL ] + ++ optionals (!headless) [ qtbase qtx11extras libXinerama SDL ]; + + hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]; + + prePatch = '' + set -x + sed -e 's@MKISOFS --version@MKISOFS -version@' \ + -e 's@PYTHONDIR=.*@PYTHONDIR=${if pythonBindings then python else ""}@' \ + -e 's@CXX_FLAGS="\(.*\)"@CXX_FLAGS="-std=c++11 \1"@' \ + ${optionalString (!headless) '' + -e 's@TOOLQT5BIN=.*@TOOLQT5BIN="${getDev qtbase}/bin"@' \ + ''} -i configure + ls kBuild/bin/linux.x86/k* tools/linux.x86/bin/* | xargs -n 1 patchelf --set-interpreter ${stdenv.glibc.out}/lib/ld-linux.so.2 + ls kBuild/bin/linux.amd64/k* tools/linux.amd64/bin/* | xargs -n 1 patchelf --set-interpreter 
${stdenv.glibc.out}/lib/ld-linux-x86-64.so.2 + + grep 'libpulse\.so\.0' src include -rI --files-with-match | xargs sed -i -e ' + ${optionalString pulseSupport + ''s@"libpulse\.so\.0"@"${libpulseaudio.out}/lib/libpulse.so.0"@g''}' + + grep 'libdbus-1\.so\.3' src include -rI --files-with-match | xargs sed -i -e ' + s@"libdbus-1\.so\.3"@"${dbus.lib}/lib/libdbus-1.so.3"@g' + + grep 'libasound\.so\.2' src include -rI --files-with-match | xargs sed -i -e ' + s@"libasound\.so\.2"@"${alsaLib.out}/lib/libasound.so.2"@g' + + export USER=nix + set +x + ''; + + patches = + optional enableHardening ./hardened.patch + ++ [ ./extra_symbols.patch ] + # When hardening is enabled, we cannot use wrapQtApp to ensure that VirtualBoxVM sees + # the correct environment variables needed for Qt to work, specifically QT_PLUGIN_PATH. + # This is because VirtualBoxVM would detect that it is wrapped that and refuse to run, + # and also because it would unset QT_PLUGIN_PATH for security reasons. We work around + # these issues by patching the code to set QT_PLUGIN_PATH to the necessary paths, + # after the code that unsets it. Note that qtsvg is included so that SVG icons from + # the user's icon theme can be loaded. 
+ ++ optional (!headless && enableHardening) (substituteAll { + src = ./qt-env-vars.patch; + qtPluginPath = "${qtbase.bin}/${qtbase.qtPluginPrefix}:${qtsvg.bin}/${qtbase.qtPluginPrefix}:${qtwayland.bin}/${qtbase.qtPluginPrefix}"; + }) + ++ [ + ./qtx11extras.patch + ]; + + postPatch = '' + sed -i -e 's|/sbin/ifconfig|${nettools}/bin/ifconfig|' \ + src/VBox/HostDrivers/adpctl/VBoxNetAdpCtl.cpp + '' + optionalString headless '' + # Fix compile error in version 6.1.6 + substituteInPlace src/VBox/HostServices/SharedClipboard/VBoxSharedClipboardSvc-x11-stubs.cpp \ + --replace PSHCLFORMATDATA PSHCLFORMATS + ''; + + # first line: ugly hack, and it isn't yet clear why it's a problem + configurePhase = '' + NIX_CFLAGS_COMPILE=$(echo "$NIX_CFLAGS_COMPILE" | sed 's,\-isystem ${lib.getDev stdenv.cc.libc}/include,,g') + + cat >> LocalConfig.kmk <<LOCAL_CONFIG + VBOX_WITH_TESTCASES := + VBOX_WITH_TESTSUITE := + VBOX_WITH_VALIDATIONKIT := + VBOX_WITH_DOCS := + VBOX_WITH_WARNINGS_AS_ERRORS := + + VBOX_WITH_ORIGIN := + VBOX_PATH_APP_PRIVATE_ARCH_TOP := $out/share/virtualbox + VBOX_PATH_APP_PRIVATE_ARCH := $out/libexec/virtualbox + VBOX_PATH_SHARED_LIBS := $out/libexec/virtualbox + VBOX_WITH_RUNPATH := $out/libexec/virtualbox + VBOX_PATH_APP_PRIVATE := $out/share/virtualbox + VBOX_PATH_APP_DOCS := $out/doc + ${optionalString javaBindings '' + VBOX_JAVA_HOME := ${jdk} + ''} + ${optionalString (!headless) '' + PATH_QT5_X11_EXTRAS_LIB := ${getLib qtx11extras}/lib + PATH_QT5_X11_EXTRAS_INC := ${getDev qtx11extras}/include + TOOL_QT5_LRC := ${getDev qttools}/bin/lrelease + ''} + LOCAL_CONFIG + + ./configure \ + ${optionalString headless "--build-headless"} \ + ${optionalString (!javaBindings) "--disable-java"} \ + ${optionalString (!pythonBindings) "--disable-python"} \ + ${optionalString (!pulseSupport) "--disable-pulse"} \ + ${optionalString (!enableHardening) "--disable-hardening"} \ + ${optionalString (!enable32bitGuests) "--disable-vmmraw"} \ + ${optionalString (open-watcom-bin != 
null) "--with-ow-dir=${open-watcom-bin}"} \ + --disable-kmods + sed -e 's@PKG_CONFIG_PATH=.*@PKG_CONFIG_PATH=${libIDL}/lib/pkgconfig:${glib.dev}/lib/pkgconfig ${libIDL}/bin/libIDL-config-2@' \ + -i AutoConfig.kmk + sed -e 's@arch/x86/@@' \ + -i Config.kmk + substituteInPlace Config.kmk --replace "VBOX_WITH_TESTCASES = 1" "#" + ''; + + enableParallelBuilding = true; + + buildPhase = '' + source env.sh + kmk -j $NIX_BUILD_CORES BUILD_TYPE="${buildType}" + ''; + + installPhase = '' + libexec="$out/libexec/virtualbox" + share="${if enableHardening then "$out/share/virtualbox" else "$libexec"}" + + # Install VirtualBox files + mkdir -p "$libexec" + find out/linux.*/${buildType}/bin -mindepth 1 -maxdepth 1 \ + -name src -o -exec cp -avt "$libexec" {} + + + mkdir -p $out/bin + for file in ${optionalString (!headless) "VirtualBox VBoxSDL rdesktop-vrdp"} VBoxManage VBoxBalloonCtrl VBoxHeadless; do + echo "Linking $file to /bin" + test -x "$libexec/$file" + ln -s "$libexec/$file" $out/bin/$file + done + + ${optionalString (extensionPack != null) '' + mkdir -p "$share" + "${fakeroot}/bin/fakeroot" "${stdenv.shell}" <<EXTHELPER + "$libexec/VBoxExtPackHelperApp" install \ + --base-dir "$share/ExtensionPacks" \ + --cert-dir "$share/ExtPackCertificates" \ + --name "Oracle VM VirtualBox Extension Pack" \ + --tarball "${extensionPack}" \ + --sha-256 "${extensionPack.outputHash}" + EXTHELPER + ''} + + ${optionalString (!headless) '' + # Create and fix desktop item + mkdir -p $out/share/applications + sed -i -e "s|Icon=VBox|Icon=$libexec/VBox.png|" $libexec/virtualbox.desktop + ln -sfv $libexec/virtualbox.desktop $out/share/applications + # Icons + mkdir -p $out/share/icons/hicolor + for size in `ls -1 $libexec/icons`; do + mkdir -p $out/share/icons/hicolor/$size/apps + ln -s $libexec/icons/$size/*.png $out/share/icons/hicolor/$size/apps + done + ''} + + cp -rv out/linux.*/${buildType}/bin/src "$modsrc" + ''; + + preFixup = optionalString (!headless) '' + wrapQtApp 
$out/bin/VirtualBox + '' + # If hardening is disabled, wrap the VirtualBoxVM binary instead of patching + # the source code (see postPatch). + + optionalString (!headless && !enableHardening) '' + wrapQtApp $out/libexec/virtualbox/VirtualBoxVM + ''; + + passthru = { + inherit version; # for guest additions + inherit extensionPack; # for inclusion in profile to prevent gc + updateScript = ./update.sh; + }; + + meta = { + description = "PC emulator"; + license = licenses.gpl2; + homepage = "https://www.virtualbox.org/"; + maintainers = with maintainers; [ sander ]; + platforms = [ "x86_64-linux" ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix new file mode 100644 index 000000000000..c9918b1cedf4 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/extpack.nix @@ -0,0 +1,25 @@ +{fetchurl, lib, virtualbox}: + +with lib; + +let + inherit (virtualbox) version; +in +fetchurl rec { + name = "Oracle_VM_VirtualBox_Extension_Pack-${version}.vbox-extpack"; + url = "https://download.virtualbox.org/virtualbox/${version}/${name}"; + sha256 = + # Manually sha256sum the extensionPack file, must be hex! + # Thus do not use `nix-prefetch-url` but instead plain old `sha256sum`. + # Checksums can also be found at https://www.virtualbox.org/download/hashes/${version}/SHA256SUMS + let value = "80b96b4b51a502141f6a8981f1493ade08a00762622c39e48319e5b122119bf3"; + in assert (builtins.stringLength value) == 64; value; + + meta = { + description = "Oracle Extension pack for VirtualBox"; + license = licenses.virtualbox-puel; + homepage = "https://www.virtualbox.org/"; + maintainers = with maintainers; [ sander cdepillabout ]; + platforms = [ "x86_64-linux" ]; + }; +} 
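Review bot: In the virtualbox `default.nix` hunk, `enableHardening ? false` makes a plain build pass `--disable-hardening` to `./configure`, and nothing at the parameter says what is given up or who is expected to switch it on. A comment there would do, e.g. `# VirtualBox's own runtime hardening; off by default in this package, enable it where the binaries are installed with elevated privileges (assumption to confirm)`. `hardeningDisable = [ "format" "fortify" "pic" "stackprotector" ]` is a separate matter (compiler flags) and is also unexplained; each entry should carry a reason or be dropped if the build passes without it. Finally, `"${fakeroot}/bin/fakeroot"` is used whenever `extensionPack != null` although `fakeroot` defaults to `null`; `assert extensionPack != null -> fakeroot != null;` before `with stdenv.lib;` would fail early with a clear message.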
diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch new file mode 100644 index 000000000000..174bb8d9e70c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/extra_symbols.patch @@ -0,0 +1,21 @@ +diff --git a/src/VBox/HostDrivers/linux/Makefile b/src/VBox/HostDrivers/linux/Makefile +index 6e44129b..e68ce128 100644 +--- a/src/VBox/HostDrivers/linux/Makefile ++++ b/src/VBox/HostDrivers/linux/Makefile +@@ -95,13 +95,13 @@ vboxpci: vboxdrv + install: + @$(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxdrv install + @if [ -d vboxnetflt ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetflt install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetflt/Module.symvers) -C vboxnetflt install; \ + fi + @if [ -d vboxnetadp ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxnetadp install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxnetadp/Module.symvers) -C vboxnetadp install; \ + fi + @if [ -d vboxpci ]; then \ +- $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) -C vboxpci install; \ ++ $(MAKE) KBUILD_VERBOSE=$(KBUILD_VERBOSE) KBUILD_EXTRA_SYMBOLS=$(abspath vboxpci/Module.symvers) -C vboxpci install; \ + fi + + else diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix new file mode 100644 index 000000000000..4275bc0542e8 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/guest-additions/default.nix 
@@ -0,0 +1,165 @@ +{ stdenv, fetchurl, lib, patchelf, cdrkit, kernel, which, makeWrapper +, zlib, xorg, dbus, virtualbox}: + +let + version = virtualbox.version; + xserverVListFunc = builtins.elemAt (stdenv.lib.splitVersion xorg.xorgserver.version); + + # Forced to 1.18 in <nixpkgs/nixos/modules/services/x11/xserver.nix> + # as it even fails to build otherwise. Still, override this even here, + # in case someone does just a standalone build + # (not via videoDrivers = ["vboxvideo"]). + # It's likely to work again in some future update. + xserverABI = let abi = xserverVListFunc 0 + xserverVListFunc 1; + in if abi == "119" || abi == "120" then "118" else abi; + + # Specifies how to patch binaries to make sure that libraries loaded using + # dlopen are found. We grep binaries for specific library names and patch + # RUNPATH in matching binaries to contain the needed library paths. + dlopenLibs = [ + { name = "libdbus-1.so"; pkg = dbus; } + { name = "libXfixes.so"; pkg = xorg.libXfixes; } + ]; + +in stdenv.mkDerivation rec { + name = "VirtualBox-GuestAdditions-${version}-${kernel.version}"; + + src = fetchurl { + url = "http://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso"; + sha256 = "bcde4691dea7de93b65a10a43dda2b8f52e570f820992ad281c9bb5c8dede181"; + }; + + KERN_DIR = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"; + KERN_INCL = "${kernel.dev}/lib/modules/${kernel.modDirVersion}/source/include"; + + hardeningDisable = [ "pic" ]; + + NIX_CFLAGS_COMPILE = "-Wno-error=incompatible-pointer-types -Wno-error=implicit-function-declaration"; + + nativeBuildInputs = [ patchelf makeWrapper ]; + buildInputs = [ cdrkit ] ++ kernel.moduleBuildDependencies; + + + prePatch = '' + substituteInPlace src/vboxguest-${version}/vboxvideo/vbox_ttm.c \ + --replace "<ttm/" "<drm/ttm/" + ''; + + patchFlags = [ "-p1" "-d" "src/vboxguest-${version}" ]; + + unpackPhase = '' + ${if stdenv.hostPlatform.system == "i686-linux" || 
stdenv.hostPlatform.system == "x86_64-linux" then '' + isoinfo -J -i $src -x /VBoxLinuxAdditions.run > ./VBoxLinuxAdditions.run + chmod 755 ./VBoxLinuxAdditions.run + # An overflow leads the is-there-enough-space check to fail when there's too much space available, so fake how much space there is + sed -i 's/\$leftspace/16383/' VBoxLinuxAdditions.run + ./VBoxLinuxAdditions.run --noexec --keep + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + + # Unpack files + cd install + ${if stdenv.hostPlatform.system == "i686-linux" then '' + tar xfvj VBoxGuestAdditions-x86.tar.bz2 + '' + else if stdenv.hostPlatform.system == "x86_64-linux" then '' + tar xfvj VBoxGuestAdditions-amd64.tar.bz2 + '' + else throw ("Architecture: "+stdenv.hostPlatform.system+" not supported for VirtualBox guest additions") + } + ''; + + buildPhase = '' + # Build kernel modules. + cd src + find . -type f | xargs sed 's/depmod -a/true/' -i + cd vboxguest-${version} + # Run just make first. If we only did make install, we get symbol warnings during build. + make + cd ../.. + + # Change the interpreter for various binaries + for i in sbin/VBoxService bin/{VBoxClient,VBoxControl} other/mount.vboxsf; do + patchelf --set-interpreter ${stdenv.cc.bintools.dynamicLinker} $i + patchelf --set-rpath ${lib.makeLibraryPath [ stdenv.cc.cc stdenv.cc.libc zlib + xorg.libX11 xorg.libXt xorg.libXext xorg.libXmu xorg.libXfixes xorg.libXrandr xorg.libXcursor ]} $i + done + + for i in lib/VBoxOGL*.so + do + patchelf --set-rpath ${lib.makeLibraryPath [ "$out" + xorg.libXcomposite xorg.libXdamage xorg.libXext xorg.libXfixes ]} $i + done + + # FIXME: Virtualbox 4.3.22 moved VBoxClient-all (required by Guest Additions + # NixOS module) to 98vboxadd-xclient. 
For now, just work around it: + mv other/98vboxadd-xclient bin/VBoxClient-all + + # Remove references to /usr from various scripts and files + sed -i -e "s|/usr/bin|$out/bin|" other/vboxclient.desktop + sed -i -e "s|/usr/bin|$out/bin|" bin/VBoxClient-all + ''; + + installPhase = '' + # Install kernel modules. + cd src/vboxguest-${version} + make install INSTALL_MOD_PATH=$out KBUILD_EXTRA_SYMBOLS=$PWD/vboxsf/Module.symvers + cd ../.. + + # Install binaries + install -D -m 755 other/mount.vboxsf $out/bin/mount.vboxsf + install -D -m 755 sbin/VBoxService $out/bin/VBoxService + + mkdir -p $out/bin + install -m 755 bin/VBoxClient $out/bin + install -m 755 bin/VBoxControl $out/bin + install -m 755 bin/VBoxClient-all $out/bin + + wrapProgram $out/bin/VBoxClient-all \ + --prefix PATH : "${which}/bin" + + # Don't install VBoxOGL for now + # It seems to be broken upstream too, and fixing it is far down the priority list: + # https://www.virtualbox.org/pipermail/vbox-dev/2017-June/014561.html + # Additionally, 3d support seems to rely on VBoxOGL.so being symlinked from + # libGL.so (which we can't), and Oracle doesn't plan on supporting libglvnd + # either. (#18457) + ## Install OpenGL libraries + #mkdir -p $out/lib + #cp -v lib/VBoxOGL*.so $out/lib + #mkdir -p $out/lib/dri + #ln -s $out/lib/VBoxOGL.so $out/lib/dri/vboxvideo_dri.so + + # Install desktop file + mkdir -p $out/share/autostart + cp -v other/vboxclient.desktop $out/share/autostart + + # Install Xorg drivers + mkdir -p $out/lib/xorg/modules/{drivers,input} + install -m 644 other/vboxvideo_drv_${xserverABI}.so $out/lib/xorg/modules/drivers/vboxvideo_drv.so + ''; + + # Stripping breaks these binaries for some reason. + dontStrip = true; + + # Patch RUNPATH according to dlopenLibs (see the comment there). 
+ postFixup = lib.concatMapStrings (library: '' + for i in $(grep -F ${lib.escapeShellArg library.name} -l -r $out/{lib,bin}); do + origRpath=$(patchelf --print-rpath "$i") + patchelf --set-rpath "$origRpath:${lib.makeLibraryPath [ library.pkg ]}" "$i" + done + '') dlopenLibs; + + meta = { + description = "Guest additions for VirtualBox"; + longDescription = '' + Various add-ons which makes NixOS work better as guest OS inside VirtualBox. + This add-on provides support for dynamic resizing of the X Display, shared + host/guest clipboard support and guest OpenGL support. + ''; + license = "GPL"; + maintainers = [ lib.maintainers.sander ]; + platforms = lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch new file mode 100644 index 000000000000..180ea88461ef --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/hardened.patch 
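Review bot: The `src` for the guest-additions ISO is fetched from `http://download.virtualbox.org/...`, while extpack.nix in this same commit fetches from that host over `https://`. The pinned `sha256` still rejects a modified ISO, so this is about consistency and not leaving an avoidable cleartext fetch in the build. I would change it to `url = "https://download.virtualbox.org/virtualbox/${version}/VBoxGuestAdditions_${version}.iso";`. In buildPhase, `find . -type f | xargs sed 's/depmod -a/true/' -i` splits on whitespace in file names; `find . -type f -exec sed -i 's/depmod -a/true/' {} +` avoids that. `license = "GPL";` is a free-form string where the other files in this commit use an attribute from `licenses`.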
@@ -0,0 +1,182 @@ +diff --git a/include/iprt/mangling.h b/include/iprt/mangling.h +index c1daa8f..8618371 100644 +--- a/include/iprt/mangling.h ++++ b/include/iprt/mangling.h +@@ -1440,6 +1440,7 @@ + # define RTPathStripSuffix RT_MANGLER(RTPathStripSuffix) + # define RTPathStripFilename RT_MANGLER(RTPathStripFilename) + # define RTPathStripTrailingSlash RT_MANGLER(RTPathStripTrailingSlash) ++# define RTPathSuidDir RT_MANGLER(RTPathSuidDir) + # define RTPathTemp RT_MANGLER(RTPathTemp) + # define RTPathTraverseList RT_MANGLER(RTPathTraverseList) + # define RTPathUnlink RT_MANGLER(RTPathUnlink) +@@ -1478,6 +1479,7 @@ + # define RTProcGetAffinityMask RT_MANGLER(RTProcGetAffinityMask) + # define RTProcGetExecutablePath RT_MANGLER(RTProcGetExecutablePath) + # define RTProcGetPriority RT_MANGLER(RTProcGetPriority) ++# define RTProcGetSuidPath RT_MANGLER(RTProcGetSuidPath) + # define RTProcIsRunningByName RT_MANGLER(RTProcIsRunningByName) + # define RTProcQueryParent RT_MANGLER(RTProcQueryParent) + # define RTProcQueryUsername RT_MANGLER(RTProcQueryUsername) +diff --git a/include/iprt/path.h b/include/iprt/path.h +index 8bd42bc..2c23d3e 100644 +--- a/include/iprt/path.h ++++ b/include/iprt/path.h +@@ -1064,6 +1064,15 @@ RTDECL(int) RTPathCalcRelative(char *pszPathDst, size_t cbPathDst, + RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns iprt status code. ++ * @param pszPath Buffer where to store the path. ++ * @param cchPath Buffer size in bytes. ++ */ ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath); ++ ++/** + * Gets the user home directory. + * + * @returns iprt status code. 
+diff --git a/include/iprt/process.h b/include/iprt/process.h +index 043653e..1070280 100644 +--- a/include/iprt/process.h ++++ b/include/iprt/process.h +@@ -327,6 +327,16 @@ RTR3DECL(const char *) RTProcShortName(void); + RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath); + + /** ++ * Gets the path to the NixOS setuid wrappers directory. ++ * ++ * @returns pszExecPath on success. NULL on buffer overflow or other errors. ++ * ++ * @param pszExecPath Where to store the path. ++ * @param cbExecPath The size of the buffer. ++ */ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath); ++ ++/** + * Daemonize the current process, making it a background process. + * + * The way this work is that it will spawn a detached / backgrounded / +diff --git a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +index ce0f288..6193108 100644 +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedVerify.cpp +@@ -1502,9 +1502,9 @@ static int supR3HardenedVerifyFsObject(PCSUPR3HARDENEDFSOBJSTATE pFsObjState, bo + bool fBad = !fRelaxed || pFsObjState->Stat.st_gid != 2 /*bin*/ || suplibHardenedStrCmp(pszPath, "/usr/lib/iconv"); + # else + NOREF(fRelaxed); +- bool fBad = true; ++ bool fBad = !(fDir && pFsObjState->Stat.st_mode & S_ISVTX && !suplibHardenedStrCmp(pszPath, "/nix/store")); + # endif +- if (fBad) ++ if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store")) + return supR3HardenedSetError3(VERR_SUPLIB_WRITE_NON_SYS_GROUP, pErrInfo, + "An unknown (and thus untrusted) group has write access to '", pszPath, + "' and we therefore cannot trust the directory content or that of any subdirectory"); +diff --git a/src/VBox/Main/src-server/generic/NetIf-generic.cpp b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +index 98dc91a..43a819f 100644 +--- a/src/VBox/Main/src-server/generic/NetIf-generic.cpp ++++ 
b/src/VBox/Main/src-server/generic/NetIf-generic.cpp +@@ -47,7 +47,7 @@ static int NetIfAdpCtl(const char * pcszIfName, const char *pszAddr, const char + const char *args[] = { NULL, pcszIfName, pszAddr, pszOption, pszMask, NULL }; + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtl: failed to get program path, rc=%Rrc.\n", rc)); +@@ -89,7 +89,7 @@ static int NetIfAdpCtl(HostNetworkInterface * pIf, const char *pszAddr, const ch + int NetIfAdpCtlOut(const char * pcszName, const char * pcszCmd, char *pszBuffer, size_t cBufSize) + { + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " ") - strlen(pcszCmd)); + if (RT_FAILURE(rc)) + { + LogRel(("NetIfAdpCtlOut: Failed to get program path, rc=%Rrc\n", rc)); +@@ -201,7 +201,7 @@ int NetIfCreateHostOnlyNetworkInterface(VirtualBox *pVirtualBox, + progress.queryInterfaceTo(aProgress); + + char szAdpCtl[RTPATH_MAX]; +- int rc = RTPathExecDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); ++ int rc = RTPathSuidDir(szAdpCtl, sizeof(szAdpCtl) - sizeof("/" VBOXNETADPCTL_NAME " add")); + if (RT_FAILURE(rc)) + { + progress->i_notifyComplete(E_FAIL, +diff --git a/src/VBox/Runtime/r3/path.cpp b/src/VBox/Runtime/r3/path.cpp +index 944848e..744a261 100644 +--- a/src/VBox/Runtime/r3/path.cpp ++++ b/src/VBox/Runtime/r3/path.cpp +@@ -81,6 +81,12 @@ RTDECL(int) RTPathExecDir(char *pszPath, size_t cchPath) + } + + ++RTDECL(int) RTPathSuidDir(char *pszPath, size_t cchPath) ++{ ++ return RTStrCopy(pszPath, cchPath, "/run/wrappers/bin"); ++} ++ ++ + RTDECL(int) RTPathAppPrivateNoArch(char *pszPath, size_t cchPath) + { + #if !defined(RT_OS_WINDOWS) && 
defined(RTPATH_APP_PRIVATE) +diff --git a/src/VBox/Runtime/r3/process.cpp b/src/VBox/Runtime/r3/process.cpp +index 2aab645..9795f21 100644 +--- a/src/VBox/Runtime/r3/process.cpp ++++ b/src/VBox/Runtime/r3/process.cpp +@@ -111,6 +111,26 @@ RTR3DECL(char *) RTProcGetExecutablePath(char *pszExecPath, size_t cbExecPath) + return NULL; + } + ++/* ++ * Note the / at the end! This is important, because the functions using this ++ * will cut off everything after the rightmost / as this function is analogous ++ * to RTProcGetExecutablePath(). ++ */ ++#define SUIDDIR "/run/wrappers/bin/" ++ ++RTR3DECL(char *) RTProcGetSuidPath(char *pszExecPath, size_t cbExecPath) ++{ ++ if (cbExecPath >= sizeof(SUIDDIR)) ++ { ++ memcpy(pszExecPath, SUIDDIR, sizeof(SUIDDIR)); ++ pszExecPath[sizeof(SUIDDIR)] = '\0'; ++ return pszExecPath; ++ } ++ ++ AssertMsgFailed(("Buffer too small (%zu <= %zu)\n", cbExecPath, sizeof(SUIDDIR))); ++ return NULL; ++} ++ + + RTR3DECL(const char *) RTProcShortName(void) + { +diff --git a/src/VBox/Main/src-server/NetworkServiceRunner.cpp b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +index 2e57690..3272c84 100644 +--- a/src/VBox/Main/src-server/NetworkServiceRunner.cpp ++++ b/src/VBox/Main/src-server/NetworkServiceRunner.cpp +@@ -188,7 +188,7 @@ int NetworkServiceRunner::start(bool aKillProcessOnStop) + * ASSUME it is relative to the directory that holds VBoxSVC. 
+ */ + char szExePath[RTPATH_MAX]; +- AssertReturn(RTProcGetExecutablePath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG); ++ AssertReturn(RTProcGetSuidPath(szExePath, RTPATH_MAX), VERR_FILENAME_TOO_LONG); + RTPathStripFilename(szExePath); + int vrc = RTPathAppend(szExePath, sizeof(szExePath), m->pszProcName); + AssertLogRelRCReturn(vrc, vrc); +diff --git a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp +index 2991d3a7..d042a08b 100644 +--- a/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp ++++ b/src/VBox/Main/src-all/MachineLaunchVMCommonWorker.cpp +@@ -90,7 +90,7 @@ int MachineLaunchVMCommonWorker(const Utf8Str &aNameOrId, + + /* Get the path to the executable directory w/ trailing slash: */ + char szPath[RTPATH_MAX]; +- int vrc = RTPathAppPrivateArch(szPath, sizeof(szPath)); ++ int vrc = RTStrCopy(szPath, sizeof(szPath) - 1, "/run/wrappers/bin"); + AssertRCReturn(vrc, vrc); + size_t cbBufLeft = RTPathEnsureTrailingSeparator(szPath, sizeof(szPath)); + AssertReturn(cbBufLeft > 0, VERR_FILENAME_TOO_LONG); diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch new file mode 100644 index 000000000000..ad1d1fd11f87 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/qt-env-vars.patch @@ -0,0 +1,14 @@ +--- a/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp ++++ b/src/VBox/HostDrivers/Support/SUPR3HardenedMain.cpp +@@ -2131,6 +2131,11 @@ static void supR3HardenedMainPurgeEnvironment(char **envp) + /** @todo Call NT API to do the same. */ + #endif + } ++ ++ /* ++ * NixOS hack: Set QT_PLUGIN_PATH to make Qt find plugins. ++ */ ++ setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1); + } + + 
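Review bot: In the added RTProcGetSuidPath() (src/VBox/Runtime/r3/process.cpp), `pszExecPath[sizeof(SUIDDIR)] = '\0';` writes one byte further than the guard `cbExecPath >= sizeof(SUIDDIR)` allows. `sizeof(SUIDDIR)` already counts the terminator that the preceding memcpy copied, so with `cbExecPath == sizeof(SUIDDIR)` the store lands at index cbExecPath. The caller changed in this patch passes RTPATH_MAX, so the path is not reached here, but the line is redundant and can be dropped. Separately, in supR3HardenedVerifyFsObject the new `if (fBad && suplibHardenedStrCmp(pszPath, "/nix/store"))` exempts /nix/store unconditionally (assuming strcmp-like return values), which leaves the `fDir` / `S_ISVTX` test inside `fBad` without effect. If the sticky-bit requirement on the store directory is intended, the condition should stay `if (fBad)`. MachineLaunchVMCommonWorker.cpp also repeats the literal "/run/wrappers/bin" instead of calling the new RTPathSuidDir().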
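Review bot: The added `setenv("QT_PLUGIN_PATH", "@qtPluginPath@", /*overwrite=*/ 1);` at the end of supR3HardenedMainPurgeEnvironment ignores the return value. QT_PLUGIN_PATH decides where Qt loads plugin code from, and this runs in the hardened stub. If setenv fails, the process presumably continues with whatever value the caller's environment supplied, unless the purge list above (outside the hunk) already removes it. I would fail closed through the file's existing fatal-error path when `setenv(...) != 0`. A comment is also worth adding that `@qtPluginPath@` must be substituted at build time, since an unsubstituted placeholder would be exported literally.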
diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch b/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch new file mode 100644 index 000000000000..a3aa98b081d1 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/qtx11extras.patch @@ -0,0 +1,16 @@ +diff --git a/kBuild/units/qt5.kmk b/kBuild/units/qt5.kmk +index 71b96a3..73391f0 100644 +--- a/kBuild/units/qt5.kmk ++++ b/kBuild/units/qt5.kmk +@@ -1054,9 +1054,9 @@ else + $(eval $(target)_LIBS += $(PATH_SDK_QT5_LIB)/$(qt_prefix)qtmain$(qt_infix)$(SUFF_LIB) ) + endif + else +- $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(PATH_SDK_QT5_LIB)/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) ++ $(eval $(target)_LIBS += $(foreach module,$(qt_modules), $(if $(filter X11Extras,$(module)),$(PATH_QT5_X11_EXTRAS_LIB),$(PATH_SDK_QT5_LIB))/lib$(qt_prefix)Qt5$(module)$(qt_infix)$(SUFF_DLL)) ) + endif +- $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) ) ++ $(eval $(target)_INCS += $(addprefix $(PATH_SDK_QT5_INC)/Qt,$(qt_modules)) $(PATH_SDK_QT5_INC) $(PATH_QT5_X11_EXTRAS_INC)/QtX11Extras ) + endif + $(eval $(target)_DEFS += $(foreach module,$(toupper $(qt_modules)), QT_$(module)_LIB) ) + diff --git a/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh b/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh new file mode 100755 index 000000000000..fcd02ae8a27b --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/virtualbox/update.sh 
@@ -0,0 +1,44 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl common-updater-scripts nix-prefetch-scripts jq + +set -xeuo pipefail + +nixpkgs="$(git rev-parse --show-toplevel)" + +attr=virtualbox +oldVersion="$(nix-instantiate --eval -E "with import $nixpkgs {}; $attr.version or (builtins.parseDrvName $attr.name).version" | tr -d '"')" +latestVersion="$(curl -sS https://download.virtualbox.org/virtualbox/LATEST.TXT)" + +function fileShaSum() { + echo "$1" | grep -w $2 | cut -f1 -d' ' +} +function oldHash() { + nix-instantiate --eval --strict -A "$1.drvAttrs.outputHash" | tr -d '"' +} +function nixFile() { + nix-instantiate --eval --strict -A "${1}.meta.position" | sed -re 's/^"(.*):[0-9]+"$/\1/' +} + +if [ ! "$oldVersion" = "$latestVersion" ]; then + shaSums=$(curl -sS https://download.virtualbox.org/virtualbox/$latestVersion/SHA256SUMS) + + virtualBoxShaSum=$(fileShaSum "$shaSums" "VirtualBox-$latestVersion.tar.bz2") + extpackShaSum=$(fileShaSum "$shaSums" "Oracle_VM_VirtualBox_Extension_Pack-$latestVersion.vbox-extpack") + guestAdditionsShaSum=$(fileShaSum "$shaSums" "*VBoxGuestAdditions_$latestVersion.iso") + + virtualboxNixFile=$(nixFile ${attr}) + extpackNixFile=$(nixFile ${attr}Extpack) + guestAdditionsNixFile=$(nixFile linuxPackages.${attr}GuestAdditions) + + extpackOldShaSum=$(oldHash ${attr}Extpack) + guestAdditionsOldShaSum=$(oldHash linuxPackages.${attr}GuestAdditions.src) + + update-source-version $attr $latestVersion $virtualBoxShaSum + sed -i -e 's|value = "'$extpackOldShaSum'"|value = "'$extpackShaSum'"|' $extpackNixFile + sed -i -e 's|sha256 = "'$guestAdditionsOldShaSum'"|sha256 = "'$guestAdditionsShaSum'"|' $guestAdditionsNixFile + + git add $virtualboxNixFile $extpackNixFile $guestAdditionsNixFile + git commit -m "$attr: ${oldVersion} -> ${latestVersion}" +else + echo "$attr is already up-to-date" +fi 
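Review bot: `latestVersion` is taken verbatim from `curl -sS .../LATEST.TXT` and then expanded unquoted in the SHA256SUMS URL, the `update-source-version` arguments and the file-name patterns. Anything other than a plain version string in that response (an error page, for instance, since curl runs without `-f`) is therefore word-split or treated as pattern syntax. Validate it right after the fetch, e.g. `[[ $latestVersion =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected version: $latestVersion" >&2; exit 1; }`, use `curl -sSf`, and quote the expansions. fileShaSum has the same weakness: `grep -w $2` treats the unquoted file name as a regex, so `echo "$1" | grep -wF -- "$2" | cut -f1 -d' '` is safer. Before the `sed -i` lines write the results into the .nix files, it is also worth checking that each lookup returned exactly one 64-hex-digit value.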
diff --git a/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix b/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix new file mode 100644 index 000000000000..464fe46b499c --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/vpcs/default.nix @@ -0,0 +1,41 @@ +{ stdenv, fetchurl, glibc }: + +stdenv.mkDerivation rec { + pname = "vpcs"; + version = "0.8"; + + src = fetchurl { + name = "${pname}-${version}.tar.bz2"; + url = "mirror://sourceforge/project/${pname}/${version}/${pname}-${version}-src.tbz"; + sha256 = "14y9nflcyq486vvw0na0fkfmg5dac004qb332v4m5a0vaz8059nw"; + }; + + patches = [ ./vpcs-0.8-glibc-2.26.patch ]; + + buildInputs = [ glibc.static ]; + + buildPhase = ''( + cd src + ./mk.sh ${stdenv.buildPlatform.platform.kernelArch} + )''; + + installPhase = '' + install -D -m555 src/vpcs $out/bin/vpcs; + install -D -m444 man/vpcs.1 $out/share/man/man1/vpcs.1; + ''; + + enableParallelBuilding = true; + + meta = with stdenv.lib; { + description = "Virtual PC simulator"; + longDescription = '' + The VPCS can simulate up to 9 PCs. You can ping/traceroute them, or + ping/traceroute the other hosts/routers from the VPCS when you study the + Cisco routers in the dynamips. + ''; + homepage = "https://sourceforge.net/projects/vpcs/"; + license = licenses.bsd2; + platforms = platforms.linux; + maintainers = with maintainers; [ primeos ]; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch b/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch new file mode 100644 index 000000000000..d94a39ccd64d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/vpcs/vpcs-0.8-glibc-2.26.patch 
@@ -0,0 +1,14 @@ +diff --git a/src/getopt.h b/src/getopt.h +index 4394aa2..bf59e10 100644 +--- a/src/getopt.h ++++ b/src/getopt.h +@@ -49,9 +49,6 @@ extern int optind; + extern int opterr; + extern int optopt; + +-#ifndef FreeBSD +-int getopt(int argc, char** argv, char* optstr); +-#endif + int arg_to_int(const char* arg, int min, int max, int defalt); + + #ifdef __cplusplus diff --git a/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix b/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix new file mode 100644 index 000000000000..7ef91e6f6094 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/x11docker/default.nix @@ -0,0 +1,29 @@ +{ stdenv, fetchFromGitHub, makeWrapper, nx-libs, xorg, getopt, gnugrep, gawk, ps, mount, iproute }: +stdenv.mkDerivation rec { + pname = "x11docker"; + version = "6.6.1"; + src = fetchFromGitHub { + owner = "mviereck"; + repo = "x11docker"; + rev = "v${version}"; + sha256 = "0p1ypgy45ngxxjczd986pkfh4cn5bs45cwzlfv9fm2p58fkx3aar"; + }; + nativeBuildInputs = [ makeWrapper ]; + + dontBuild = true; + + # Don't install `x11docker-gui`, because requires `kaptain` dependency + installPhase = '' + install -D x11docker "$out/bin/x11docker"; + wrapProgram "$out/bin/x11docker" \ + --prefix PATH : "${stdenv.lib.makeBinPath [ getopt gnugrep gawk ps mount iproute nx-libs xorg.xdpyinfo xorg.xhost xorg.xinit ]}" + ''; + + meta = { + description = "Run graphical applications with Docker"; + homepage = "https://github.com/mviereck/x11docker"; + license = stdenv.lib.licenses.mit; + maintainers = with stdenv.lib.maintainers; [ jD91mZM2 ]; + platforms = stdenv.lib.platforms.linux; + }; +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch new file mode 100644 index 000000000000..53821c0d9c51 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-install-python.patch 
@@ -0,0 +1,16 @@ +tools/python/install-wrap script brakes shebangs patching, disable + +diff --git a/tools/Rules.mk b/tools/Rules.mk +index 87a56dc..a7da869 100644 +--- a/tools/Rules.mk ++++ b/tools/Rules.mk +@@ -90,8 +90,7 @@ CFLAGS += $(CFLAGS-y) + + CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) + +-INSTALL_PYTHON_PROG = \ +- $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) ++INSTALL_PYTHON_PROG = $(INSTALL_PROG) + + %.opic: %.c + $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch new file mode 100644 index 000000000000..072338b87aba --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-fix-ipxe-src.patch @@ -0,0 +1,27 @@ +hack to make etherboot use prefetched ipxe + +diff --git a/tools/firmware/etherboot/Makefile b/tools/firmware/etherboot/Makefile +index a0578d2..64428a0 100644 +--- a/tools/firmware/etherboot/Makefile ++++ b/tools/firmware/etherboot/Makefile +@@ -16,6 +16,7 @@ IPXE_TARBALL_URL ?= $(XEN_EXTFILES_URL)/ipxe-git-$(IPXE_GIT_TAG).tar.gz + + D=ipxe + T=ipxe.tar.gz ++G=ipxe.git + + ROMS = $(addprefix $D/src/bin/, $(addsuffix .rom, $(ETHERBOOT_NICS))) + +@@ -36,9 +37,9 @@ $T: + fi + mv _$T $T + +-$D/src/arch/i386/Makefile: $T Config +- rm -rf $D +- gzip -dc $T | tar xf - ++$D/src/arch/i386/Makefile: $G Config ++ mkdir $D ++ cp -a $G/* $D + for i in $$(cat patches/series) ; do \ + patch -d $D -p1 --quiet <patches/$$i || exit 1 ; \ + done diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch new file mode 100644 index 000000000000..339972a2cdeb --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0000-qemu-seabios-enable-ATA_DMA.patch 
@@ -0,0 +1,19 @@
+diff -uNr a/src/Kconfig b/src/Kconfig
+--- a/src/Kconfig 2015-08-31 10:15:13.231134858 +0200
++++ b/src/Kconfig 2015-08-31 10:14:24.039180178 +0200
+@@ -144,13 +144,13 @@
+ config ATA_DMA
+ depends on ATA
+ bool "ATA DMA"
+- default n
++ default y
+ help
+ Detect and try to use ATA bus mastering DMA controllers.
+ config ATA_PIO32
+ depends on ATA
+ bool "ATA 32bit PIO"
+- default n
++ default y
+ help
+ Use 32bit PIO accesses on ATA (minor optimization on PCI transfers).
+ config AHCI
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch
new file mode 100644
index 000000000000..67b7ac777b5d
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/xen/0001-libxl-Spice-image-compression-setting-support-for-up.patch
@@ -0,0 +1,104 @@ +From bd71555985efc423b1a119b6a3177de855763453 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:26:30 +0100 +Subject: [PATCH] libxl: Spice image compression setting support for upstream + qemu + +Usage: +spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off] + +Specifies what image compression is to be used by spice (if given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 6 ++++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 24 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index e2f91fc..0c2cbac 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1427,6 +1427,12 @@ for redirection of up to 4 usb devices from spice client to domU's qemu. + It requires an usb controller and if not defined it will automatically adds + an usb2 controller. The default is disabled (0). + ++=item B<spice_image_compression=[auto_glz|auto_lz|quic|glz|lz|off]> ++ ++Specifies what image compression is to be used by spice (if given), otherwise ++the qemu default will be used. Please see documentations of your current qemu ++version for details. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 0a123f1..b8e0b67 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -528,6 +528,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_USBREDIREDIRECTION 1 + + /* ++ * LIBXL_HAVE_SPICE_IMAGECOMPRESSION ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: image_compression. This value defines what Spice image compression ++ * is used. 
++ * ++ * If this is not defined, the Spice image compression setting support is ignored. ++ */ ++#define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index c2b0487..40c8649 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -398,6 +398,10 @@ static char *dm_spice_options(libxl__gc *gc, + if (!libxl_defbool_val(spice->clipboard_sharing)) + opt = libxl__sprintf(gc, "%s,disable-copy-paste", opt); + ++ if (spice->image_compression) ++ opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, ++ spice->image_compression); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 1214d2e..052ded9 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -241,6 +241,7 @@ libxl_spice_info = Struct("spice_info", [ + ("vdagent", libxl_defbool), + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), ++ ("image_compression", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 0b02a6c..00aa69d 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1948,6 +1948,8 @@ skip_vfb: + &b_info->u.hvm.spice.clipboard_sharing, 0); + if (!xlu_cfg_get_long (config, "spiceusbredirection", &l, 0)) + b_info->u.hvm.spice.usbredirection = l; ++ xlu_cfg_replace_string (config, "spice_image_compression", ++ &b_info->u.hvm.spice.image_compression, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + 
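Review bot: In the dm_spice_options() change, `spice->image_compression` is appended to the spice option string via `"%s,image-compression=%s"` without being checked against the values the man-page text lists (auto_glz|auto_lz|quic|glz|lz|off). The option string is comma-separated and xl_cmdimpl.c copies the config value as-is with `xlu_cfg_replace_string`, so a value containing a comma would add further options to what is handed to qemu. I would reject anything outside the documented set where the config is parsed, or at minimum refuse the value when `strchr(spice->image_compression, ',') != NULL`. The same applies to `spice->streaming_video` (filter|all|off), added the same way by the 0002-libxl-Spice-streaming-video patch that follows. dm_spice_options starts outside the inner hunk, so its existing error-return convention should be checked before adding the rejection path.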
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch new file mode 100644 index 000000000000..acf9cff99251 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/0002-libxl-Spice-streaming-video-setting-support-for-upst.patch 
@@ -0,0 +1,104 @@ +From 296c7f3284efe655d95a8ae045a5dc1a20d6fff0 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Tue, 20 Jan 2015 11:33:17 +0100 +Subject: [PATCH] libxl: Spice streaming video setting support for upstream + qemu + +Usage: +spice_streaming_video=[filter|all|off] + +Specifies what streaming video setting is to be used by spice (if +given), +otherwise the qemu default will be used. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Acked-by: Wei Liu <wei.liu2@citrix.com> +--- + docs/man/xl.cfg.pod.5 | 5 +++++ + tools/libxl/libxl.h | 11 +++++++++++ + tools/libxl/libxl_dm.c | 4 ++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 5 files changed, 23 insertions(+) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index 0c2cbac..408653f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1433,6 +1433,11 @@ Specifies what image compression is to be used by spice (if given), otherwise + the qemu default will be used. Please see documentations of your current qemu + version for details. + ++=item B<spice_streaming_video=[filter|all|off]> ++ ++Specifies what streaming video setting is to be used by spice (if given), ++otherwise the qemu default will be used. ++ + =back + + =head3 Miscellaneous Emulated Hardware +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index b8e0b67..c219f59 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -539,6 +539,17 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_SPICE_IMAGECOMPRESSION 1 + + /* ++ * LIBXL_HAVE_SPICE_STREAMINGVIDEO ++ * ++ * If defined, then the libxl_spice_info structure will contain a string type ++ * field: streaming_video. This value defines what Spice streaming video setting ++ * is used. ++ * ++ * If this is not defined, the Spice streaming video setting support is ignored. 
++ */ ++#define LIBXL_HAVE_SPICE_STREAMINGVIDEO 1 ++ ++/* + * LIBXL_HAVE_DOMAIN_CREATE_RESTORE_PARAMS 1 + * + * If this is defined, libxl_domain_create_restore()'s API has changed to +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 40c8649..d8d6f0c 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -402,6 +402,10 @@ static char *dm_spice_options(libxl__gc *gc, + opt = libxl__sprintf(gc, "%s,image-compression=%s", opt, + spice->image_compression); + ++ if (spice->streaming_video) ++ opt = libxl__sprintf(gc, "%s,streaming-video=%s", opt, ++ spice->streaming_video); ++ + return opt; + } + +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 052ded9..02be466 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -242,6 +242,7 @@ libxl_spice_info = Struct("spice_info", [ + ("clipboard_sharing", libxl_defbool), + ("usbredirection", integer), + ("image_compression", string), ++ ("streaming_video", string), + ]) + + libxl_sdl_info = Struct("sdl_info", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 00aa69d..b7eac29 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -1950,6 +1950,8 @@ skip_vfb: + b_info->u.hvm.spice.usbredirection = l; + xlu_cfg_replace_string (config, "spice_image_compression", + &b_info->u.hvm.spice.image_compression, 0); ++ xlu_cfg_replace_string (config, "spice_streaming_video", ++ &b_info->u.hvm.spice.streaming_video, 0); + xlu_cfg_get_defbool(config, "nographic", &b_info->u.hvm.nographic, 0); + xlu_cfg_get_defbool(config, "gfx_passthru", + &b_info->u.hvm.gfx_passthru, 0); +-- +1.9.2 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch new file mode 100644 index 000000000000..1771b662bc3a --- /dev/null 
+++ b/nixpkgs/pkgs/applications/virtualization/xen/0003-Add-qxl-vga-interface-support-for-upstream-qem.patch 
@@ -0,0 +1,165 @@ +From 161212ef02312c0681d2d809c8ff1e1f0ea6f6f9 Mon Sep 17 00:00:00 2001 +From: Fabio Fantoni <fabio.fantoni@m2r.biz> +Date: Wed, 29 Apr 2015 11:20:28 +0200 +Subject: [PATCH] libxl: Add qxl vga interface support for upstream qemu + +Usage: +vga="qxl" + +Qxl vga support many resolutions that not supported by stdvga, +mainly the 16:9 ones and other high up to 2560x1600. +With QXL you can get improved performance and smooth video also +with high resolutions and high quality. +Require their drivers installed in the domU and spice used +otherwise act as a simple stdvga. + +Signed-off-by: Fabio Fantoni <fabio.fantoni@m2r.biz> +Signed-off-by: Zhou Peng <zpengxen@gmail.com> +Acked-by: Stefano Stabellini <stefano.stabellini@eu.citrix.com> +Acked-by: Ian Jackson <ian.jackson@eu.citrix.com> +Acked-by: George Dunlap <george.dunlap@eu.citrix.com> +--- + docs/man/xl.cfg.pod.5 | 10 +++++++++- + tools/libxl/libxl.h | 10 ++++++++++ + tools/libxl/libxl_create.c | 13 +++++++++++++ + tools/libxl/libxl_dm.c | 8 ++++++++ + tools/libxl/libxl_types.idl | 1 + + tools/libxl/xl_cmdimpl.c | 2 ++ + 6 files changed, 43 insertions(+), 1 deletion(-) + +diff --git a/docs/man/xl.cfg.pod.5 b/docs/man/xl.cfg.pod.5 +index f936dfc..8e4154f 100644 +--- a/docs/man/xl.cfg.pod.5 ++++ b/docs/man/xl.cfg.pod.5 +@@ -1360,6 +1360,9 @@ qemu-xen-traditional device-model, the amount of video RAM is fixed at 4 MB, + which is sufficient for 1024x768 at 32 bpp. For the upstream qemu-xen + device-model, the default and minimum is 8 MB. + ++For B<qxl> vga, the default is both default and minimal 128MB. ++If B<videoram> is set less than 128MB, an error will be triggered. ++ + =item B<stdvga=BOOLEAN> + + Select a standard VGA card with VBE (VESA BIOS Extensions) as the +@@ -1371,9 +1374,14 @@ This option is deprecated, use vga="stdvga" instead. + + =item B<vga="STRING"> + +-Selects the emulated video card (none|stdvga|cirrus). ++Selects the emulated video card (none|stdvga|cirrus|qxl). 
+ The default is cirrus. + ++In general, QXL should work with the Spice remote display protocol ++for acceleration, and QXL driver is necessary in guest in this case. ++QXL can also work with the VNC protocol, but it will be like a standard ++VGA without acceleration. ++ + =item B<vnc=BOOLEAN> + + Allow access to the display via the VNC protocol. This enables the +diff --git a/tools/libxl/libxl.h b/tools/libxl/libxl.h +index 44bd8e2..efc0617 100644 +--- a/tools/libxl/libxl.h ++++ b/tools/libxl/libxl.h +@@ -535,6 +535,16 @@ typedef struct libxl__ctx libxl_ctx; + #define LIBXL_HAVE_DOMINFO_OUTSTANDING_MEMKB 1 + + /* ++ * LIBXL_HAVE_QXL ++ * ++ * If defined, then the libxl_vga_interface_type will contain another value: ++ * "QXL". This value define if qxl vga is supported. ++ * ++ * If this is not defined, the qxl vga support is missed. ++ */ ++#define LIBXL_HAVE_QXL 1 ++ ++/* + * LIBXL_HAVE_SPICE_VDAGENT + * + * If defined, then the libxl_spice_info structure will contain a boolean type: +diff --git a/tools/libxl/libxl_create.c b/tools/libxl/libxl_create.c +index e5a343f..188f7df 100644 +--- a/tools/libxl/libxl_create.c ++++ b/tools/libxl/libxl_create.c +@@ -248,6 +248,10 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ LOG(ERROR,"qemu upstream required for qxl vga"); ++ return ERROR_INVAL; ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 8 * 1024; +@@ -272,6 +276,15 @@ int libxl__domain_build_info_setdefault(libxl__gc *gc, + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 0; + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) { ++ b_info->video_memkb = (128 * 1024); ++ } else if (b_info->video_memkb < (128 * 1024)) { ++ LOG(ERROR, ++ "128 Mib videoram is the minimum for qxl default"); ++ 
return ERROR_INVAL; ++ } ++ break; + case LIBXL_VGA_INTERFACE_TYPE_STD: + if (b_info->video_memkb == LIBXL_MEMKB_DEFAULT) + b_info->video_memkb = 16 * 1024; +diff --git a/tools/libxl/libxl_dm.c b/tools/libxl/libxl_dm.c +index 30c1578..58c9b99 100644 +--- a/tools/libxl/libxl_dm.c ++++ b/tools/libxl/libxl_dm.c +@@ -251,6 +251,8 @@ static char ** libxl__build_device_model_args_old(libxl__gc *gc, + case LIBXL_VGA_INTERFACE_TYPE_NONE: + flexarray_append_pair(dm_args, "-vga", "none"); + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ break; + } + + if (b_info->u.hvm.boot) { +@@ -625,6 +627,12 @@ static char ** libxl__build_device_model_args_new(libxl__gc *gc, + break; + case LIBXL_VGA_INTERFACE_TYPE_NONE: + break; ++ case LIBXL_VGA_INTERFACE_TYPE_QXL: ++ /* QXL have 2 ram regions, ram and vram */ ++ flexarray_append_pair(dm_args, "-device", ++ GCSPRINTF("qxl-vga,vram_size_mb=%"PRIu64",ram_size_mb=%"PRIu64, ++ (b_info->video_memkb/2/1024), (b_info->video_memkb/2/1024) ) ); ++ break; + } + + if (b_info->u.hvm.boot) { +diff --git a/tools/libxl/libxl_types.idl b/tools/libxl/libxl_types.idl +index 117b61d..023b21e 100644 +--- a/tools/libxl/libxl_types.idl ++++ b/tools/libxl/libxl_types.idl +@@ -183,6 +183,7 @@ libxl_vga_interface_type = Enumeration("vga_interface_type", [ + (1, "CIRRUS"), + (2, "STD"), + (3, "NONE"), ++ (4, "QXL"), + ], init_val = "LIBXL_VGA_INTERFACE_TYPE_CIRRUS") + + libxl_vendor_device = Enumeration("vendor_device", [ +diff --git a/tools/libxl/xl_cmdimpl.c b/tools/libxl/xl_cmdimpl.c +index 648ca08..526a1f6 100644 +--- a/tools/libxl/xl_cmdimpl.c ++++ b/tools/libxl/xl_cmdimpl.c +@@ -2115,6 +2115,8 @@ skip_vfb: + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_CIRRUS; + } else if (!strcmp(buf, "none")) { + b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_NONE; ++ } else if (!strcmp(buf, "qxl")) { ++ b_info->u.hvm.vga.kind = LIBXL_VGA_INTERFACE_TYPE_QXL; + } else { + fprintf(stderr, "Unknown vga \"%s\" specified\n", buf); + exit(1); +-- +1.9.2 + 
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix new file mode 100644 index 000000000000..7e3c73fb11d5 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.10.nix 
@@ -0,0 +1,181 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib, glib, python2 +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib glib python2 + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.10.4"; + + src = fetchurl { + url = "https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "0ipkr7b3v3y183n6nfmz7q3gnzxa20011df4jpvxi6pmr8cpnkwh"; + }; + + # Sources needed to build tools and firmwares. 
+ xenfiles = optionalAttrs withInternalQemu { + qemu-xen = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen.git"; + # rev = "refs/tags/qemu-xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "qemu-xen-${version}"; + sha256 = "0laxvhdjz1njxjvq3jzw2yqvdr9gdn188kqjf2gcrfzgih7xv2ym"; + }; + buildInputs = qemuDeps; + postPatch = '' + # needed in build but /usr/bin/env is not available in sandbox + substituteInPlace scripts/tracetool.py \ + --replace "/usr/bin/env python" "${python2}/bin/python" + ''; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + qemu-xen-traditional = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; + # rev = "refs/tags/xen-${version}"; + # use revision hash - reproducible but must be updated with each new version + rev = "c8ea0457495342c417c3dc033bba25148b279f60"; + sha256 = "0v5nl3c08kpjg57fb8l191h1y57ykp786kz6l525jgplif28vx13"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/seabios.git"; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/ovmf.git"; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # 
TODO: patch Xen to make this optional? + "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = "https://git.ipxe.org/ipxe.git"; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + xen-libhvm-dir-remote = { + src = fetchgit { + name = "xen-libhvm"; + url = "https://github.com/michalpalka/xen-libhvm"; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + NIX_CFLAGS_COMPILE = toString [ + # Fix build on Glibc 2.24. 
+ "-Wno-error=deprecated-declarations" + # Fix build with GCC 8 + "-Wno-error=maybe-uninitialized" + "-Wno-error=stringop-truncation" + "-Wno-error=format-truncation" + "-Wno-error=array-bounds" + # Fix build with GCC 9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + "-Wno-error=absolute-value" + ]; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c + # Makefile didn't include previous PKG_CONFIG_PATH so glib wasn't found + substituteInPlace tools/Makefile \ + --replace 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config' 'PKG_CONFIG_PATH=$(XEN_ROOT)/tools/pkg-config:$(PKG_CONFIG_PATH)' + ''; + + passthru = { + qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + }; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix new file mode 100644 index 000000000000..6fa30462df08 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/4.8.nix 
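Review bot: The `let` block imports `xsa` from `./xsa-patches.nix`, and the header comment asks maintainers to apply outstanding XSAs, but this expression defines no `patches` attribute, so 4.10.4 is built with no advisory patches on top of the release tarball. The same gap appears in 4.8.nix further down, where `patches = with xsa; flatten [ … ]` lists only the two GCC 7 build fixes and nothing from `xsa`. Either add the applicable entries, e.g. `patches = with xsa; flatten [ XSA_NNN ];` (placeholder name), or replace the binding with a comment naming the advisories that were checked and found not to apply. `qemuMemfdBuildFix` is also bound here but never referenced, since the `qemu-xen` entry has no `patches` list.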
@@ -0,0 +1,198 @@ +{ stdenv, callPackage, fetchurl, fetchpatch, fetchgit +, ocaml-ng +, withInternalQemu ? true +, withInternalTraditionalQemu ? true +, withInternalSeabios ? true +, withSeabios ? !withInternalSeabios, seabios ? null +, withInternalOVMF ? false # FIXME: tricky to build +, withOVMF ? false, OVMF +, withLibHVM ? true + +# qemu +, udev, pciutils, xorg, SDL, pixman, acl, glusterfs, spice-protocol, usbredir +, alsaLib +, ... } @ args: + +assert withInternalSeabios -> !withSeabios; +assert withInternalOVMF -> !withOVMF; + +with stdenv.lib; + +# Patching XEN? Check the XSAs at +# https://xenbits.xen.org/xsa/ +# and try applying all the ones we don't have yet. + +let + xsa = import ./xsa-patches.nix { inherit fetchpatch; }; + + xenlockprofpatch = (fetchpatch { + name = "xenlockprof-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=f49fa658b53580cf2ad354d2bf1796766cc11222"; + sha256 = "1lvzfvkqirknivm8q4cg5byfqz49s16zjk65fkwl3kwb03chky70"; + }); + + xenpmdpatch = (fetchpatch { + name = "xenpmd-gcc7.patch"; + url = "https://xenbits.xen.org/gitweb/?p=xen.git;a=patch;h=2d78f78a14528752266982473c07118f1bc336e3"; + sha256 = "1ki295pymbcfc64sjb9wqfwpv19p8vwgmnxankada3vm4fxg2rhq"; + }); + + qemuMemfdBuildFix = fetchpatch { + name = "xen-4.8-memfd-build-fix.patch"; + url = "https://github.com/qemu/qemu/commit/75e5b70e6b5dcc4f2219992d7cffa462aa406af0.patch"; + sha256 = "0gaz93kb33qc0jx6iphvny0yrd17i8zhcl3a9ky5ylc2idz0wiwa"; + }; + + # Ported from + #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=e014dbe74e0484188164c61ff6843f8a04a8cb9d"; + #"https://xenbits.xen.org/gitweb/?p=qemu-xen.git;a=patch;h=0e3b891fefacc0e49f3c8ffa3a753b69eb7214d2"; + qemuGlusterfs6Fix = ./qemu-gluster-6-compat.diff; + + qemuDeps = [ + udev pciutils xorg.libX11 SDL pixman acl glusterfs spice-protocol usbredir + alsaLib + ]; +in + +callPackage (import ./generic.nix (rec { + version = "4.8.5"; + + src = fetchurl { + url = 
"https://downloads.xenproject.org/release/xen/${version}/xen-${version}.tar.gz"; + sha256 = "04xcf01jad1lpqnmjblzhnjzp0bss9fjd9awgcycjx679arbaxqz"; + }; + + # Sources needed to build tools and firmwares. + xenfiles = optionalAttrs withInternalQemu { + qemu-xen = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen.git"; + rev = "refs/tags/qemu-xen-${version}"; + sha256 = "0lb7zd5nvr6znx47z93nbq4gj8xfb3622s8r2cvmpqmwnmlc3nd4"; + }; + patches = [ + qemuMemfdBuildFix + qemuGlusterfs6Fix + ]; + buildInputs = qemuDeps; + meta.description = "Xen's fork of upstream Qemu"; + }; + } // optionalAttrs withInternalTraditionalQemu { + qemu-xen-traditional = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/qemu-xen-traditional.git"; + rev = "refs/tags/xen-${version}"; + sha256 = "0mryap5y53r09m7qc0b821f717ghwm654r8c3ik1w7adzxr0l5qk"; + }; + buildInputs = qemuDeps; + patches = [ + ]; + postPatch = '' + substituteInPlace xen-hooks.mak \ + --replace /usr/include/pci ${pciutils}/include/pci + ''; + meta.description = "Xen's fork of upstream Qemu that uses old device model"; + }; + } // optionalAttrs withInternalSeabios { + "firmware/seabios-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/seabios.git"; + rev = "f0cdc36d2f2424f6b40438f7ee7cc502c0eff4df"; + sha256 = "1wq5pjkjrfzqnq3wyr15mcn1l4c563m65gdyf8jm97kgb13pwwfm"; + }; + patches = [ ./0000-qemu-seabios-enable-ATA_DMA.patch ]; + meta.description = "Xen's fork of Seabios"; + }; + } // optionalAttrs withInternalOVMF { + "firmware/ovmf-dir-remote" = { + src = fetchgit { + url = "https://xenbits.xen.org/git-http/ovmf.git"; + rev = "173bf5c847e3ca8b42c11796ce048d8e2e916ff8"; + sha256 = "07zmdj90zjrzip74fvd4ss8n8njk6cim85s58mc6snxmqqv7gmcr"; + }; + meta.description = "Xen's fork of OVMF"; + }; + } // { + # TODO: patch Xen to make this optional? 
+ "firmware/etherboot/ipxe.git" = { + src = fetchgit { + url = "https://git.ipxe.org/ipxe.git"; + rev = "356f6c1b64d7a97746d1816cef8ca22bdd8d0b5d"; + sha256 = "15n400vm3id5r8y3k6lrp9ab2911a9vh9856f5gvphkazfnmns09"; + }; + meta.description = "Xen's fork of iPXE"; + }; + } // optionalAttrs withLibHVM { + xen-libhvm-dir-remote = { + src = fetchgit { + name = "xen-libhvm"; + url = "https://github.com/michalpalka/xen-libhvm"; + rev = "83065d36b36d6d527c2a4e0f5aaf0a09ee83122c"; + sha256 = "1jzv479wvgjkazprqdzcdjy199azmx2xl3pnxli39kc5mvjz3lzd"; + }; + buildPhase = '' + make + cd biospt + cc -Wall -g -D_LINUX -Wstrict-prototypes biospt.c -o biospt -I../libhvm -L../libhvm -lxenhvm + ''; + installPhase = '' + make install + cp biospt/biospt $out/bin/ + ''; + meta = { + description = '' + Helper library for reading ACPI and SMBIOS firmware values + from the host system for use with the HVM guest firmware + pass-through feature in Xen''; + license = licenses.bsd2; + }; + }; + }; + + configureFlags = [] + ++ optional (!withInternalQemu) "--with-system-qemu" # use qemu from PATH + ++ optional (withInternalTraditionalQemu) "--enable-qemu-traditional" + ++ optional (!withInternalTraditionalQemu) "--disable-qemu-traditional" + + ++ optional (withSeabios) "--with-system-seabios=${seabios}" + ++ optional (!withInternalSeabios && !withSeabios) "--disable-seabios" + + ++ optional (withOVMF) "--with-system-ovmf=${OVMF.fd}/FV/OVMF.fd" + ++ optional (withInternalOVMF) "--enable-ovmf"; + + patches = with xsa; flatten [ + # 253: 4.8 not affected + # 254: no patch supplied by xen project (Meltdown/Spectre) + xenlockprofpatch + xenpmdpatch + ]; + + NIX_CFLAGS_COMPILE = toString [ + # Fix build on Glibc 2.24 + "-Wno-error=deprecated-declarations" + # Fix build with GCC8 + "-Wno-error=maybe-uninitialized" + "-Wno-error=stringop-truncation" + "-Wno-error=format-truncation" + "-Wno-error=array-bounds" + # Fix build with GCC9 + "-Wno-error=address-of-packed-member" + "-Wno-error=format-overflow" + 
"-Wno-error=absolute-value" + ]; + + postPatch = '' + # Avoid a glibc >= 2.25 deprecation warnings that get fatal via -Werror. + sed 1i'#include <sys/sysmacros.h>' \ + -i tools/blktap2/control/tap-ctl-allocate.c \ + -i tools/libxl/libxl_device.c \ + ${optionalString withInternalQemu "-i tools/qemu-xen/hw/9pfs/9p.c"} + + sed -i -e '/sys\/sysctl\.h/d' tools/blktap2/drivers/block-remus.c + ''; + + passthru.qemu-system-i386 = if withInternalQemu + then "lib/xen/bin/qemu-system-i386" + else throw "this xen has no qemu builtin"; + +})) ({ ocamlPackages = ocaml-ng.ocamlPackages_4_05; } // args) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch new file mode 100644 index 000000000000..aa4fd494082d --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/acpica-utils-20180427.patch 
@@ -0,0 +1,63 @@ +From 858dbaaeda33b05c1ac80aea0ba9a03924e09005 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Roger=20Pau=20Monn=C3=A9?= <roger.pau@citrix.com> +Date: Wed, 9 May 2018 11:08:12 +0100 +Subject: [PATCH] libacpi: fixes for iasl >= 20180427 +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +New versions of iasl have introduced improved C file generation, as +reported in the changelog: + +iASL: Enhanced the -tc option (which creates an AML hex file in C, +suitable for import into a firmware project): + 1) Create a unique name for the table, to simplify use of multiple +SSDTs. + 2) Add a protection #ifdef in the file, similar to a .h header file. + +The net effect of that on generated files is: + +-unsigned char AmlCode[] = ++#ifndef __SSDT_S4_HEX__ ++#define __SSDT_S4_HEX__ ++ ++unsigned char ssdt_s4_aml_code[] = + +The above example is from ssdt_s4.asl. + +Fix the build with newer versions of iasl by stripping the '_aml_code' +suffix from the variable name on generated files. 
+ +Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> +Reviewed-by: Wei Liu <wei.liu2@citrix.com> +Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> +Release-acked-by: Juergen Gross <jgross@suse.com> +--- + tools/libacpi/Makefile | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tools/libacpi/Makefile b/tools/libacpi/Makefile +index a47a658a25..c17f3924cc 100644 +--- a/tools/libacpi/Makefile ++++ b/tools/libacpi/Makefile +@@ -43,7 +43,7 @@ all: $(C_SRC) $(H_SRC) + + $(H_SRC): $(ACPI_BUILD_DIR)/%.h: %.asl iasl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $< +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex >$@ ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex >$@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) + + $(MK_DSDT): mk_dsdt.c +@@ -76,7 +76,7 @@ $(ACPI_BUILD_DIR)/dsdt_anycpu_arm.asl: $(MK_DSDT) + + $(C_SRC): $(ACPI_BUILD_DIR)/%.c: iasl $(ACPI_BUILD_DIR)/%.asl + iasl -vs -p $(ACPI_BUILD_DIR)/$*.$(TMP_SUFFIX) -tc $(ACPI_BUILD_DIR)/$*.asl +- sed -e 's/AmlCode/$*/g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) ++ sed -e 's/AmlCode/$*/g' -e 's/_aml_code//g' $(ACPI_BUILD_DIR)/$*.hex > $@.$(TMP_SUFFIX) + echo "int $*_len=sizeof($*);" >> $@.$(TMP_SUFFIX) + mv -f $@.$(TMP_SUFFIX) $@ + rm -f $(addprefix $(ACPI_BUILD_DIR)/, $*.aml $*.hex) +-- +2.11.0 + diff --git a/nixpkgs/pkgs/applications/virtualization/xen/generic.nix b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix new file mode 100644 index 000000000000..854debc458a3 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/generic.nix 
@@ -0,0 +1,240 @@ +config: +{ stdenv, cmake, pkgconfig, which + +# Xen +, bison, bzip2, checkpolicy, dev86, figlet, flex, gettext, glib +, iasl, libaio, libiconv, libuuid, ncurses, openssl, perl +, python2Packages +# python2Packages.python +, xz, yajl, zlib + +# Xen Optional +, ocamlPackages + +# Scripts +, coreutils, gawk, gnused, gnugrep, diffutils, multipath-tools +, iproute, inetutils, iptables, bridge-utils, openvswitch, nbd, drbd +, lvm2, utillinux, procps, systemd + +# Documentation +# python2Packages.markdown +, transfig, ghostscript, texinfo, pandoc + +, ...} @ args: + +with stdenv.lib; + +let + #TODO: fix paths instead + scriptEnvPath = concatMapStringsSep ":" (x: "${x}/bin") [ + which perl + coreutils gawk gnused gnugrep diffutils utillinux multipath-tools + iproute inetutils iptables bridge-utils openvswitch nbd drbd + ]; + + withXenfiles = f: concatStringsSep "\n" (mapAttrsToList f config.xenfiles); + + withTools = a: f: withXenfiles (name: x: optionalString (hasAttr a x) '' + echo "processing ${name}" + __do() { + cd "tools/${name}" + ${f name x} + } + ( __do ) + ''); +in + +stdenv.mkDerivation (rec { + inherit (config) version; + + name = "xen-${version}"; + + dontUseCmakeConfigure = true; + + hardeningDisable = [ "stackprotector" "fortify" "pic" ]; + + nativeBuildInputs = [ pkgconfig ]; + buildInputs = [ + cmake which + + # Xen + bison bzip2 checkpolicy dev86 figlet flex gettext glib iasl libaio + libiconv libuuid ncurses openssl perl python2Packages.python xz yajl zlib + + # oxenstored + ocamlPackages.findlib ocamlPackages.ocaml systemd + + # Python fixes + python2Packages.wrapPython + + # Documentation + python2Packages.markdown transfig ghostscript texinfo pandoc + + # Others + ] ++ (concatMap (x: x.buildInputs or []) (attrValues config.xenfiles)) + ++ (config.buildInputs or []); + + prePatch = '' + ### Generic fixes + + # Xen's stubdoms, tools and firmwares need various sources that + # are usually fetched at build time using wget and git. 
We can't + # have that, so we prefetch them in nix-expression and setup + # fake wget and git for debugging purposes. + + mkdir fake-bin + + # Fake git: just print what it wants and die + cat > fake-bin/wget << EOF + #!${stdenv.shell} -e + echo ===== FAKE WGET: Not fetching \$* + [ -e \$3 ] + EOF + + # Fake git: just print what it wants and die + cat > fake-bin/git << EOF + #!${stdenv.shell} + echo ===== FAKE GIT: Not cloning \$* + [ -e \$3 ] + EOF + + chmod +x fake-bin/* + export PATH=$PATH:$PWD/fake-bin + + # Remove in-tree qemu stuff in case we build from a tar-ball + rm -rf tools/qemu-xen tools/qemu-xen-traditional + + # Fix shebangs, mainly for build-scipts + # We want to do this before getting prefetched stuff to speed things up + # (prefetched stuff has lots of files) + find . -type f | xargs sed -i 's@/usr/bin/\(python\|perl\)@/usr/bin/env \1@g' + find . -type f -not -path "./tools/hotplug/Linux/xendomains.in" \ + | xargs sed -i 's@/bin/bash@${stdenv.shell}@g' + + # Get prefetched stuff + ${withXenfiles (name: x: '' + echo "${x.src} -> tools/${name}" + cp -r ${x.src} tools/${name} + chmod -R +w tools/${name} + '')} + ''; + + patches = [ ./0000-fix-ipxe-src.patch + ./0000-fix-install-python.patch + ] ++ optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch + ++ (config.patches or []); + + postPatch = '' + ### Hacks + + # Work around a bug in our GCC wrapper: `gcc -MF foo -v' doesn't + # print the GCC version number properly. + substituteInPlace xen/Makefile \ + --replace '$(CC) $(CFLAGS) -v' '$(CC) -v' + + # Hack to get `gcc -m32' to work without having 32-bit Glibc headers. 
+ mkdir -p tools/include/gnu + touch tools/include/gnu/stubs-32.h + + ### Fixing everything else + + substituteInPlace tools/libfsimage/common/fsimage_plugin.c \ + --replace /usr $out + + substituteInPlace tools/blktap2/lvm/lvm-util.c \ + --replace /usr/sbin/vgs ${lvm2}/bin/vgs \ + --replace /usr/sbin/lvs ${lvm2}/bin/lvs + + substituteInPlace tools/misc/xenpvnetboot \ + --replace /usr/sbin/mount ${utillinux}/bin/mount \ + --replace /usr/sbin/umount ${utillinux}/bin/umount + + substituteInPlace tools/xenmon/xenmon.py \ + --replace /usr/bin/pkill ${procps}/bin/pkill + + substituteInPlace tools/xenstat/Makefile \ + --replace /usr/include/curses.h ${ncurses.dev}/include/curses.h + + ${optionalString (builtins.compareVersions config.version "4.8" >= 0) '' + substituteInPlace tools/hotplug/Linux/launch-xenstore.in \ + --replace /bin/mkdir mkdir + ''} + + ${optionalString (builtins.compareVersions config.version "4.6" < 0) '' + # TODO: use this as a template and support our own if-up scripts instead? + substituteInPlace tools/hotplug/Linux/xen-backend.rules.in \ + --replace "@XEN_SCRIPT_DIR@" $out/etc/xen/scripts + + # blktap is not provided by xen, but by xapi + sed -i '/blktap/d' tools/hotplug/Linux/xen-backend.rules.in + ''} + + ${withTools "patches" (name: x: '' + ${concatMapStringsSep "\n" (p: '' + echo "# Patching with ${p}" + patch -p1 < ${p} + '') x.patches} + '')} + + ${withTools "postPatch" (name: x: x.postPatch)} + + ${config.postPatch or ""} + ''; + + postConfigure = '' + substituteInPlace tools/hotplug/Linux/xendomains \ + --replace /bin/ls ls + ''; + + # TODO: Flask needs more testing before enabling it by default. 
+ #makeFlags = [ "XSM_ENABLE=y" "FLASK_ENABLE=y" "PREFIX=$(out)" "CONFIG_DIR=/etc" "XEN_EXTFILES_URL=\\$(XEN_ROOT)/xen_ext_files" ]; + makeFlags = [ "PREFIX=$(out) CONFIG_DIR=/etc" "XEN_SCRIPT_DIR=/etc/xen/scripts" ] + ++ (config.makeFlags or []); + + buildFlags = [ "xen" "tools" ]; + + postBuild = '' + make -C docs man-pages + + ${withTools "buildPhase" (name: x: x.buildPhase)} + ''; + + installPhase = '' + mkdir -p $out $out/share $out/share/man + cp -prvd dist/install/nix/store/*/* $out/ + cp -prvd dist/install/boot $out/boot + cp -prvd dist/install/etc $out + cp -dR docs/man1 docs/man5 $out/share/man/ + + ${withTools "installPhase" (name: x: x.installPhase)} + + # Hack + substituteInPlace $out/etc/xen/scripts/hotplugpath.sh \ + --replace SBINDIR=\"$out/sbin\" SBINDIR=\"$out/bin\" + + wrapPythonPrograms + # We also need to wrap pygrub, which lies in lib + wrapPythonProgramsIn "$out/lib" "$out $pythonPath" + + shopt -s extglob + for i in $out/etc/xen/scripts/!(*.sh); do + sed -i "2s@^@export PATH=$out/bin:${scriptEnvPath}\n@" $i + done + ''; + + enableParallelBuilding = true; + + # TODO(@oxij): Stop referencing args here + meta = { + homepage = "http://www.xen.org/"; + description = "Xen hypervisor and related components" + + optionalString (args ? meta && args.meta ? description) + " (${args.meta.description})"; + longDescription = (args.meta.longDescription or "") + + "\nIncludes:\n" + + withXenfiles (name: x: ''* ${name}: ${x.meta.description or "(No description)"}.''); + platforms = [ "x86_64-linux" ]; + maintainers = with stdenv.lib.maintainers; [ eelco tstrobel oxij ]; + license = stdenv.lib.licenses.gpl2; + } // (config.meta or {}); +} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ]) diff --git a/nixpkgs/pkgs/applications/virtualization/xen/packages.nix b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix new file mode 100644 index 000000000000..e30006fbcc1a --- /dev/null 
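Review bot: `hardeningDisable = [ "stackprotector" "fortify" "pic" ];` is set on the whole derivation without a comment, so everything built from `tools/` loses these hardening flags along with the hypervisor and firmware that presumably need them off. Add a comment saying which component fails to build with each flag and, where possible, limit the exception to those components. Separately, `optional (versionOlder version "4.8.5") ./acpica-utils-20180427.patch` is never true for the two versions packaged in this commit (4.8.5 and 4.10.4), so that patch is unused unless another expression sets an older version. The comment above the `fake-bin/wget` stub says `# Fake git` and should read `# Fake wget: just print what it wants and fail`.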
+++ b/nixpkgs/pkgs/applications/virtualization/xen/packages.nix 
@@ -0,0 +1,105 @@ +{ callPackage +, stdenv, overrideCC +}: + +# TODO(@oxij) on new Xen version: generalize this to generate [vanilla slim +# light] for each ./<version>.nix. + +rec { + xen_4_8-vanilla = callPackage ./4.8.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). + ''; + }; + }; + + xen_4_8-slim = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_8-light = xen_4_8-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen_4_10-vanilla = callPackage ./4.10.nix { + meta = { + description = "vanilla"; + longDescription = '' + Vanilla version of Xen. Uses forks of Qemu and Seabios bundled + with Xen. This gives vanilla experince, but wastes space and + build time: typical NixOS setup that runs lots of VMs will + build three different versions of Qemu when using this (two + forks and upstream). 
+ ''; + }; + }; + + xen_4_10-slim = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = true; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "slim"; + longDescription = '' + Slimmed-down version of Xen that reuses nixpkgs packages as + much as possible. Different parts may get out of sync, but + this builds faster and uses less space than vanilla. Use with + `qemu_xen` from nixpkgs. + ''; + }; + }; + + xen_4_10-light = xen_4_10-vanilla.override { + withInternalQemu = false; + withInternalTraditionalQemu = false; + withInternalSeabios = false; + withSeabios = true; + + meta = { + description = "light"; + longDescription = '' + Slimmed-down version of Xen without `qemu-traditional` (you + don't need it if you don't know what it is). Use with + `qemu_xen-light` from nixpkgs. + ''; + }; + }; + + xen-vanilla = xen_4_8-vanilla; + xen-slim = xen_4_8-slim; + xen-light = xen_4_8-light; + +} diff --git a/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff b/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff new file mode 100644 index 000000000000..7ec6ad3aba66 --- /dev/null +++ b/nixpkgs/pkgs/applications/virtualization/xen/qemu-gluster-6-compat.diff 
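Review bot: The unversioned aliases at the end of the set (`xen-vanilla = xen_4_8-vanilla;` and the matching slim and light ones) resolve to 4.8.5 although 4.10.4 is packaged in the same file, so anyone using the default name gets the older series. If that is deliberate, say why in a comment next to the aliases; otherwise point them at the `xen_4_10-*` attributes. `stdenv` and `overrideCC` in the argument set are not used anywhere in this file, and `experince` in both vanilla `longDescription` strings should be `experience`.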
@@ -0,0 +1,95 @@
+diff --git a/block/gluster.c b/block/gluster.c
+index 01b479fbb9..29552e1186 100644
+--- a/block/gluster.c
++++ b/block/gluster.c
+@@ -15,6 +15,10 @@
+ #include "qemu/uri.h"
+ #include "qemu/error-report.h"
+
++#ifdef CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT
++# define glfs_ftruncate(fd, offset) glfs_ftruncate(fd, offset, NULL, NULL)
++#endif
++
+ #define GLUSTER_OPT_FILENAME "filename"
+ #define GLUSTER_OPT_VOLUME "volume"
+ #define GLUSTER_OPT_PATH "path"
+@@ -613,7 +617,11 @@ static void qemu_gluster_complete_aio(void *opaque)
+ /*
+ * AIO callback routine called from GlusterFS thread.
+ */
+-static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret, void *arg)
++static void gluster_finish_aiocb(struct glfs_fd *fd, ssize_t ret,
++#ifdef CONFIG_GLUSTERFS_IOCB_HAS_STAT
++ struct glfs_stat *pre, struct glfs_stat *post,
++#endif
++ void *arg)
+ {
+ GlusterAIOCB *acb = (GlusterAIOCB *)arg;
+
+diff --git a/configure b/configure
+index 4b808f9d17..89fb27fd0d 100755
+--- a/configure
++++ b/configure
+@@ -301,6 +301,8 @@ glusterfs=""
+ glusterfs_xlator_opt="no"
+ glusterfs_discard="no"
+ glusterfs_zerofill="no"
++glusterfs_ftruncate_has_stat="no"
++glusterfs_iocb_has_stat="no"
+ archipelago="no"
+ gtk=""
+ gtkabi=""
+@@ -3444,6 +3446,38 @@ if test "$glusterfs" != "no" ; then
+ if $pkg_config --atleast-version=6 glusterfs-api; then
+ glusterfs_zerofill="yes"
+ fi
++ cat > $TMPC << EOF
++#include <glusterfs/api/glfs.h>
++
++int
++main(void)
++{
++ /* new glfs_ftruncate() passes two additional args */
++ return glfs_ftruncate(NULL, 0, NULL, NULL);
++}
++EOF
++ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then
++ glusterfs_ftruncate_has_stat="yes"
++ fi
++ cat > $TMPC << EOF
++#include <glusterfs/api/glfs.h>
++
++/* new glfs_io_cbk() passes two additional glfs_stat structs */
++static void
++glusterfs_iocb(glfs_fd_t *fd, ssize_t ret, struct glfs_stat *prestat, struct glfs_stat *poststat, void *data)
++{}
++
++int
++main(void)
++{
++ glfs_io_cbk iocb = &glusterfs_iocb;
++ iocb(NULL, 0 , NULL, NULL, NULL);
++ return 0;
++}
++EOF
++ if compile_prog "$glusterfs_cflags" "$glusterfs_libs" ; then
++ glusterfs_iocb_has_stat="yes"
++ fi
+ else
+ if test "$glusterfs" = "yes" ; then
+ feature_not_found "GlusterFS backend support" \
+@@ -5415,6 +5449,14 @@ if test "$archipelago" = "yes" ; then
+ echo "ARCHIPELAGO_LIBS=$archipelago_libs" >> $config_host_mak
+ fi
+
++if test "$glusterfs_ftruncate_has_stat" = "yes" ; then
++ echo "CONFIG_GLUSTERFS_FTRUNCATE_HAS_STAT=y" >> $config_host_mak
++fi
++
++if test "$glusterfs_iocb_has_stat" = "yes" ; then
++ echo "CONFIG_GLUSTERFS_IOCB_HAS_STAT=y" >> $config_host_mak
++fi
++
+ if test "$libssh2" = "yes" ; then
+ echo "CONFIG_LIBSSH2=m" >> $config_host_mak
+ echo "LIBSSH2_CFLAGS=$libssh2_cflags" >> $config_host_mak
diff --git a/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix
new file mode 100644
index 000000000000..26cdbc1f65f7
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/xen/xsa-patches.nix
@@ -0,0 +1,488 @@
+{ fetchpatch }:
+
+let
+ xsaPatch = { name , sha256 }: (fetchpatch {
+ url = "https://xenbits.xen.org/xsa/xsa${name}.patch";
+ inherit sha256;
+ });
+in {
+ # 4.5
+ XSA_190 = (xsaPatch {
+ name = "190-4.5";
+ sha256 = "0f8pw38kkxky89ny3ic5h26v9zsjj9id89lygx896zc3w1klafqm";
+ });
+
+ # 4.5
+ XSA_191 = (xsaPatch {
+ name = "191-4.6";
+ sha256 = "1wl1ndli8rflmc44pkp8cw4642gi8z7j7gipac8mmlavmn3wdqhg";
+ });
+
+ # 4.5
+ XSA_192 = (xsaPatch {
+ name = "192-4.5";
+ sha256 = "0m8cv0xqvx5pdk7fcmaw2vv43xhl62plyx33xqj48y66x5z9lxpm";
+ });
+
+ # 4.5
+ XSA_193 = (xsaPatch {
+ name = "193-4.5";
+ sha256 = "0k9mykhrpm4rbjkhv067f6s05lqmgnldcyb3vi8cl0ndlyh66lvr";
+ });
+
+ # 4.5
+ XSA_195 = (xsaPatch {
+ name = "195";
+ sha256 = "0m0g953qnjy2knd9qnkdagpvkkgjbk3ydgajia6kzs499dyqpdl7";
+ });
+
+ # 4.5
+ XSA_196 = [
+ (xsaPatch {
+ name = "196-0001-x86-emul-Correct-the-IDT-entry-calculation-in-inject";
+ sha256 = "0z53nzrjvc745y26z1qc8jlg3blxp7brawvji1hx3s74n346ssl6";
+ })
+ (xsaPatch {
+ name = "196-0002-x86-svm-Fix-injection-of-software-interrupts";
+ sha256 = "11cqvr5jn2s92wsshpilx9qnfczrd9hnyb5aim6qwmz3fq3hrrkz";
+ })
+ ];
+
+ # 4.5
+ XSA_198 = (xsaPatch {
+ name = "198";
+ sha256 = "0d1nndn4p520c9xa87ixnyks3mrvzcri7c702d6mm22m8ansx6d9";
+ });
+
+ # 4.5
+ XSA_200 = (xsaPatch {
+ name = "200-4.6";
+ sha256 = "0k918ja83470iz5k4vqi15293zjvz2dipdhgc9sy9rrhg4mqncl7";
+ });
+
+ # 4.5
+ XSA_202_45 = (xsaPatch {
+ name = "202-4.6";
+ sha256 = "0nnznkrvfbbc8z64dr9wvbdijd4qbpc0wz2j5vpmx6b32sm7932f";
+ });
+
+ # 4.5
+ XSA_204_45 = (xsaPatch {
+ name = "204-4.5";
+ sha256 = "083z9pbdz3f532fnzg7n2d5wzv6rmqc0f4mvc3mnmkd0rzqw8vcp";
+ });
+
+ # 4.5
+ XSA_206_45 = [
+ (xsaPatch {
+ name = "206-4.5/0001-xenstored-apply-a-write-transaction-rate-limit";
+ sha256 = "07vsm8mlbxh2s01ny2xywnm1bqhhxas1az31fzwb6f1g14vkzwm4";
+ })
+ (xsaPatch {
+ name = "206-4.5/0002-xenstored-Log-when-the-write-transaction-rate-limit-";
+ sha256 = "17pnvxjmhny22abwwivacfig4vfsy5bqlki07z236whc2y7yzbsx";
+ })
+ (xsaPatch {
+ name = "206-4.5/0003-oxenstored-refactor-putting-response-on-wire";
+ sha256 = "0xf566yicnisliy82cydb2s9k27l3bxc43qgmv6yr2ir3ixxlw5s";
+ })
+ (xsaPatch {
+ name = "206-4.5/0004-oxenstored-remove-some-unused-parameters";
+ sha256 = "16cqx9i0w4w3x06qqdk9rbw4z96yhm0kbc32j40spfgxl82d1zlk";
+ })
+ (xsaPatch {
+ name = "206-4.5/0005-oxenstored-refactor-request-processing";
+ sha256 = "1g2hzlv7w03sqnifbzda85mwlz3bw37rk80l248180sv3k7k6bgv";
+ })
+ (xsaPatch {
+ name = "206-4.5/0006-oxenstored-keep-track-of-each-transaction-s-operatio";
+ sha256 = "0n65yfxvpfd4cz95dpbwqj3nablyzq5g7a0klvi2y9zybhch9cmg";
+ })
+ (xsaPatch {
+ name = "206-4.5/0007-oxenstored-move-functions-that-process-simple-operat";
+ sha256 = "0qllvbc9rnj7jhhlslxxs35gvphvih0ywz52jszj4irm23ka5vnz";
+ })
+ (xsaPatch {
+ name = "206-4.5/0008-oxenstored-replay-transaction-upon-conflict";
+ sha256 = "0lixkxjfzciy9l0f980cmkr8mcsx14c289kg0mn5w1cscg0hb46g";
+ })
+ (xsaPatch {
+ name = "206-4.5/0009-oxenstored-log-request-and-response-during-transacti";
+ sha256 = "09ph8ddcx0k7rndd6hx6kszxh3fhxnvdjsq13p97n996xrpl1x7b";
+ })
+ (xsaPatch {
+ name = "206-4.5/0010-oxenstored-allow-compilation-prior-to-OCaml-3.12.0";
+ sha256 = "1y0m7sqdz89z2vs4dfr45cyvxxas323rxar0xdvvvivgkgxawvxj";
+ })
+ (xsaPatch {
+ name = "206-4.5/0011-oxenstored-comments-explaining-some-variables";
+ sha256 = "1d3n0y9syya4kaavrvqn01d3wsn85gmw7qrbylkclznqgkwdsr2p";
+ })
+ (xsaPatch {
+ name = "206-4.5/0012-oxenstored-handling-of-domain-conflict-credit";
+ sha256 = "12zgid5y9vrhhpk2syxp0x01lzzr6447fa76n6rjmzi1xgdzpaf8";
+ })
+ (xsaPatch {
+ name = "206-4.5/0013-oxenstored-ignore-domains-with-no-conflict-credit";
+ sha256 = "0v3g9pm60w6qi360hdqjcw838s0qcyywz9qpl8gzmhrg7a35avxl";
+ })
+ (xsaPatch {
+ name = "206-4.5/0014-oxenstored-add-transaction-info-relevant-to-history-";
+ sha256 = "0vv3w0h5xh554i9v2vbc8gzm8wabjf2vzya3dyv5yzvly6ygv0sb";
+ })
+ (xsaPatch {
+ name = "206-4.5/0015-oxenstored-support-commit-history-tracking";
+ sha256 = "1iv2vy29g437vj73x9p33rdcr5ln2q0kx1b3pgxq202ghbc1x1zj";
+ })
+ (xsaPatch {
+ name = "206-4.5/0016-oxenstored-only-record-operations-with-side-effects-";
+ sha256 = "1cjkw5ganbg6lq78qsg0igjqvbgph3j349faxgk1p5d6nr492zzy";
+ })
+ (xsaPatch {
+ name = "206-4.5/0017-oxenstored-discard-old-commit-history-on-txn-end";
+ sha256 = "0lm15lq77403qqwpwcqvxlzgirp6ffh301any9g401hs98f9y4ps";
+ })
+ (xsaPatch {
+ name = "206-4.5/0018-oxenstored-track-commit-history";
+ sha256 = "1jh92p6vjhkm3bn5vz260npvsjji63g2imsxflxs4f3r69sz1nkd";
+ })
+ (xsaPatch {
+ name = "206-4.5/0019-oxenstored-blame-the-connection-that-caused-a-transa";
+ sha256 = "17k264pk0fvsamj85578msgpx97mw63nmj0j9v5hbj4bgfazvj4h";
+ })
+ (xsaPatch {
+ name = "206-4.5/0020-oxenstored-allow-self-conflicts";
+ sha256 = "15z3rd49q0pa72si0s8wjsy2zvbm613d0hjswp4ikc6nzsnsh4qy";
+ })
+ (xsaPatch {
+ name = "206-4.5/0021-oxenstored-do-not-commit-read-only-transactions";
+ sha256 = "04wpzazhv90lg3228z5i6vnh1z4lzd08z0d0fvc4br6pkd0w4va8";
+ })
+ (xsaPatch {
+ name = "206-4.5/0022-oxenstored-don-t-wake-to-issue-no-conflict-credit";
+ sha256 = "1shbrn0w68rlywcc633zcgykfccck1a77igmg8ydzwjsbwxsmsjy";
+ })
+ (xsaPatch {
+ name = "206-4.5/0023-oxenstored-transaction-conflicts-improve-logging";
+ sha256 = "1086y268yh8047k1vxnxs2nhp6izp7lfmq01f1gq5n7jiy1sxcq7";
+ })
+ (xsaPatch {
+ name = "206-4.5/0024-oxenstored-trim-history-in-the-frequent_ops-function";
+ sha256 = "014zs6i4gzrimn814k5i7gz66vbb0adkzr2qyai7i4fxc9h9r7w8";
+ })
+ ];
+
+ # 4.5 - 4.8
+ XSA_207 = (xsaPatch {
+ name = "207";
+ sha256 = "0wdlhijmw9mdj6a82pyw1rwwiz605dwzjc392zr3fpb2jklrvibc";
+ });
+
+ # 4.5 - 4.8
+ XSA_212 = (xsaPatch {
+ name = "212";
+ sha256 = "1ggjbbym5irq534a3zc86md9jg8imlpc9wx8xsadb9akgjrr1r8d";
+ });
+
+ # 4.5
+ XSA_213_45 = (xsaPatch {
+ name = "213-4.5";
+ sha256 = "1vnqf89ydacr5bq3d6z2r33xb2sn5vsd934rncyc28ybc9rvj6wm";
+ });
+
+ # 4.5 - 4.8
+ XSA_214 = (xsaPatch {
+ name = "214";
+ sha256 = "0qapzx63z0yl84phnpnglpkxp6b9sy1y7cilhwjhxyigpfnm2rrk";
+ });
+
+ # 4.5
+ XSA_215 = (xsaPatch {
+ name = "215";
+ sha256 = "0sv8ccc5xp09f1w1gj5a9n3mlsdsh96sdb1n560vh31f4kkd61xs";
+ });
+
+ # 4.5
+ XSA_217_45 = (xsaPatch {
+ name = "217-4.5";
+ sha256 = "067pgsfrb9py2dhm1pk9g8f6fs40vyfrcxhj8c12vzamb6svzmn4";
+ });
+
+ # 4.5
+ XSA_218_45 = [
+ (xsaPatch {
+ name = "218-4.5/0001-IOMMU-handle-IOMMU-mapping-and-unmapping-failures";
+ sha256 = "00y6j3yjxw0igpldsavikmhlxw711k2jsj1qx0s05w2k608gadkq";
+ })
+ (xsaPatch {
+ name = "218-4.5/0002-gnttab-fix-unmap-pin-accounting-race";
+ sha256 = "0qbbfnnjlpdcd29mzmacfmi859k92c213l91q7w1rg2k6pzx928k";
+ })
+ (xsaPatch {
+ name = "218-4.5/0003-gnttab-Avoid-potential-double-put-of-maptrack-entry";
+ sha256 = "1cndzvyhf41mk4my6vh3bk9jvh2y4gpmqdhvl9zhxhmppszslqkc";
+ })
+ (xsaPatch {
+ name = "218-4.5/0004-gnttab-correct-maptrack-table-accesses";
+ sha256 = "02zpb0ffigijacqvyyjylwx3qpgibwslrka7mbxwnclf4s9c03a2";
+ })
+ ];
+
+ # 4.5
+ XSA_219_45 = (xsaPatch {
+ name = "219-4.5";
+ sha256 = "003msr5vhsc66scmdpgn0lp3p01g4zfw5vj86y5lw9ajkbaywdsm";
+ });
+
+ # 4.5
+ XSA_220_45 = (xsaPatch {
+ name = "220-4.5";
+ sha256 = "1dj9nn6lzxlipjb3nb7b9m4337fl6yn2bd7ap1lqrjn8h9zkk1pp";
+ });
+
+ # 4.5 - 4.8
+ XSA_221 = (xsaPatch {
+ name = "221";
+ sha256 = "1mcr1nqgxyjrkywdg7qhlfwgz7vj2if1dhic425vgd41p9cdgl26";
+ });
+
+ # 4.5
+ XSA_222_45 = [
+ (xsaPatch {
+ name = "222-1-4.6";
+ sha256 = "1g4dqm5qx4wqlv1520jpfiscph95vllcp4gqp1rdfailk8xi0mcf";
+ })
+ (xsaPatch {
+ name = "222-2-4.5";
+ sha256 = "1hw8rhc7q4v309f4w11gxfsn5x1pirvxkg7s4kr711fnmvp9hkzd";
+ })
+ ];
+
+ # 4.5 - 4.8
+ XSA_223 = (xsaPatch {
+ name = "223";
+ sha256 = "0803gjgcbq9vaz2mq0v5finf1fq8iik1g4hqsjqhjxvspn8l70c5";
+ });
+
+ # 4.5
+ XSA_224_45 = [
+ (xsaPatch {
+ name = "224-4.5/0001-gnttab-Fix-handling-of-dev_bus_addr-during-unmap";
+ sha256 = "1aislj66ss4cb3v2bh12mrqsyrf288d4h54rj94jjq7h1hnycw7h";
+ })
+ (xsaPatch {
+ name = "224-4.5/0002-gnttab-never-create-host-mapping-unless-asked-to";
+ sha256 = "1j6fgm1ccb07gg0mi5qmdr0vqwwc3n12z433g1jrija2gbk1x8aq";
+ })
+ (xsaPatch {
+ name = "224-4.5/0003-gnttab-correct-logic-to-get-page-references-during-m";
+ sha256 = "166kmicwx280fjqjvgigbmhabjksa0hhvqx5h4v6kjlcjpmxqy08";
+ })
+ (xsaPatch {
+ name = "224-4.5/0004-gnttab-__gnttab_unmap_common_complete-is-all-or-noth";
+ sha256 = "1skc0yj1zsn8xgyq1y57bdc0scvvlmd0ynrjwwf1zkias1wlilav";
+ })
+ ];
+
+ # 4.5
+ XSA_226_45 = [
+ (xsaPatch {
+ name = "226-4.5/0001-gnttab-dont-use-possibly-unbounded-tail-calls";
+ sha256 = "1hx47ppv5q33cw4dwp82lgvv4fp28gx7rxijw0iaczsv8bvb8vcg";
+ })
+ (xsaPatch {
+ name = "226-4.5/0002-gnttab-fix-transitive-grant-handling";
+ sha256 = "1gzp8m2zfihwlk71c3lqyd0ajh9h11pvkhzhw0mawckxy0qksvlc";
+ })
+ ];
+
+ # 4.5
+ XSA_227_45 = (xsaPatch {
+ name = "227-4.5";
+ sha256 = "1qfjfisgqm4x98qw54x2qrvgjnvvzizx9p1pjhcnsps9q6g1y3x8";
+ });
+
+ # 4.5 - 4.9
+ XSA_230 = (xsaPatch {
+ name = "230";
+ sha256 = "10x0j7wmzkrwycs1ng89fgjzvzh8vsdd4c5nb68b3j1azdx4ld83";
+ });
+
+ # 4.5
+ XSA_231_45 = (xsaPatch {
+ name = "231-4.5";
+ sha256 = "06gwx2f1lg51dfk2b4zxp7wv9c4pxdi87pg2asvmxqc78ir7l5s6";
+ });
+
+ # 4.5 - 4.9
+ XSA_232 = (xsaPatch {
+ name = "232";
+ sha256 = "0n6irjpmraa3hbxxm64a1cplc6y6g07x7v2fmlpvn70ql3fs0220";
+ });
+
+ # 4.5 - 4.9
+ XSA_233 = (xsaPatch {
+ name = "233";
+ sha256 = "1w3m8349cqav56av63w6jzvlsv4jw5rimwvskr9pq2rcbk2dx8kf";
+ });
+
+ # 4.5
+ XSA_234_45 = (xsaPatch {
+ name = "234-4.5";
+ sha256 = "1ji6hbgybb4gbgz5l5fis9midnvjbddzam8d63377rkzdyb3yz9f";
+ });
+
+ # 4.5
+ XSA_235_45 = (xsaPatch {
+ name = "235-4.5";
+ sha256 = "0hhgnql2gji111020z4wiyzg23wqs6ymanb67rg11p4qad1fp3ff";
+ });
+
+ # 4.5
+ XSA_236_45 = (xsaPatch {
+ name = "236-4.5";
+ sha256 = "0hcla86x81wykssd2967gblp7fzx61290p4ls4v0hcyxdg2bs2yz";
+ });
+
+ # 4.5
+ XSA_237_45 = [
+ (xsaPatch {
+ name = "237-4.5/0001-x86-dont-allow-MSI-pIRQ-mapping-on-unowned-device";
+ sha256 = "0hjxs20jhls4i0iph45a0qpw4znkm04gv74jmwhw84gy4hrhzq3b";
+ })
+ (xsaPatch {
+ name = "237-4.5/0002-x86-enforce-proper-privilege-when-mapping-pIRQ-s";
+ sha256 = "0ki8nmbc2g1l9wnqsph45a2k4c6dk5s7jvdlxg3zznyiyxjcv8yn";
+ })
+ (xsaPatch {
+ name = "237-4.5/0003-x86-MSI-disallow-redundant-enabling";
+ sha256 = "1hdz83qrjaqnihz8ji186dypxiblbfpgyb01j9m5alhk4whjqvp1";
+ })
+ (xsaPatch {
+ name = "237-4.5/0004-x86-IRQ-conditionally-preserve-irq-pirq-mapping-on-error";
+ sha256 = "0csdfn9kzn1k94pg3fcwsgqw14wcd4myi1jkcq5alj1fmkhw4wmk";
+ })
+ (xsaPatch {
+ name = "237-4.5/0005-x86-FLASK-fix-unmap-domain-IRQ-XSM-hook";
+ sha256 = "14b73rkvbkd1a2gh9kp0zrvv2d3kfwkiv24fg9agh4hrf2w3nx7y";
+ })
+ ];
+
+ # 4.5
+ XSA_238_45 = (xsaPatch {
+ name = "238-4.5";
+ sha256 = "1x2fg5vfv5jc084h5gjm6fq0nxjpzvi96px3sqzz4pvsvy4y4i1z";
+ });
+
+ # 4.5
+ XSA_239_45 = (xsaPatch {
+ name = "239-4.5";
+ sha256 = "06bi8q3973yajxsdj7pcqarvb56q2gisxdiy0cpbyffbmpkfv3h6";
+ });
+
+ # 4.5
+ XSA_240_45 = [
+ (xsaPatch {
+ name = "240-4.5/0001-x86-limit-linear-page-table-use-to-a-single-level";
+ sha256 = "0pmf10mbnmb88y7mly8s2l0j88cg0ayhkcnmj1zbjrkjmpccv395";
+ })
+ (xsaPatch {
+ name = "240-4.5/0002-x86-mm-Disable-PV-linear-pagetables-by-default";
+ sha256 = "19f096ra3xndvzkjjasx73p2g25hfkm905px0p3yakwll0qzd029";
+ })
+ ];
+
+ # 4.5 - 4.8
+ XSA_241 = (xsaPatch {
+ name = "241-4.8";
+ sha256 = "16zb75kzs98f4mdxhbyczk5mbh9dvn6j3yhfafki34x1dfdnq4pj";
+ });
+
+ # 4.5 - 4.9
+ XSA_242 = (xsaPatch {
+ name = "242-4.9";
+ sha256 = "0yx3x0i2wybsm7lzdffxa2mm866bjl4ipbb9vipnw77dyg705zpr";
+ });
+
+ # 4.5
+ XSA_243_45 = [
+ (xsaPatch {
+ name = "243-4.6-1";
+ sha256 = "1cqanpyysa7px0j645z4jw9yqsvv6cbh7yq1b86ap134axfifcan";
+ })
+ (xsaPatch {
+ name = "243-4.5-2";
+ sha256 = "0wbcgw4m0nzm2902jnda2020l7bd5adkq8j5myi1zmsfzbq03hwn";
+ })
+ ];
+
+ # 4.5
+ XSA_244_45 = (xsaPatch {
+ name = "244-4.5";
+ sha256 = "05ci3vdl1ywfjpzcvsy1k52whxjk8pxzj7dh3r94yqasr56i5v2l";
+ });
+
+ # 4.5 - 4.9
+ XSA_245 = [
+ (xsaPatch {
+ name = "245/0001-xen-page_alloc-Cover-memory-unreserved-after-boot-in";
+ sha256 = "12brsgbn7xwakalsn10afykgqmx119mqg6vjj3v2b1pnmf4ss0w8";
+ })
+ (xsaPatch {
+ name = "245/0002-xen-arm-Correctly-report-the-memory-region-in-the-du";
+ sha256 = "1k6z5r7wnrswsczn2j3a1mc4nvxqm4ydj6n6rvgqizk2pszdkqg8";
+ })
+ ];
+
+ # 4.5 - 4.7
+ XSA_246_45 = [
+ (xsaPatch {
+ name = "246-4.7";
+ sha256 = "13rad4k8z3bq15d67dhgy96kdbrjiq9sy8px0jskbpx9ygjdahkn";
+ })
+ ];
+
+ # 4.5
+ XSA_247_45 = [
+ (xsaPatch {
+ name = "247-4.5/0001-p2m-Always-check-to-see-if-removing-a-p2m-entry-actu";
+ sha256 = "0h1mp5s9si8aw2gipds317f27h9pi7bgnhj0bcmw11p0ch98sg1m";
+ })
+ (xsaPatch {
+ name = "247-4.5/0002-p2m-Check-return-value-of-p2m_set_entry-when-decreas";
+ sha256 = "0vjjybxbcm4xl26wbqvcqfiyvvlayswm4f98i1fr5a9abmljn5sb";
+ })
+ ];
+
+ # 4.5
+ XSA_248_45 = [
+ (xsaPatch {
+ name = "248-4.5";
+ sha256 = "0csxg6h492ddsa210b45av28iqf7cn2dfdqk4zx10zwf1pv2shyn";
+ })
+ ];
+
+ # 4.5 .. 4.9
+ XSA_249 = [
+ (xsaPatch {
+ name = "249";
+ sha256 = "0v6ngzqhkz7yv4n83xlpxfbkr2qyg5b1cds7ikkinm86hiqy6agl";
+ })
+ ];
+
+ # 4.5
+ XSA_250_45 = [
+ (xsaPatch {
+ name = "250-4.5";
+ sha256 = "0pqldl6qnl834gvfp90z247q9xcjh3835s2iffnajz7jhjb2145d";
+ })
+ ];
+
+ # 4.5
+ XSA_251_45 = [
+ (xsaPatch {
+ name = "251-4.5";
+ sha256 = "0lc94cx271z09r0mhxaypyd9d4740051p28idf5calx5228dqjgm";
+ })
+ ];
+}
diff --git a/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix b/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix
new file mode 100644
index 000000000000..921a54b11a2e
--- /dev/null
+++ b/nixpkgs/pkgs/applications/virtualization/xhyve/default.nix
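Review bot: Several entries whose comment says `# 4.5` fetch a patch published under a different branch suffix: `XSA_191` uses `191-4.6`, `XSA_200` uses `200-4.6`, `XSA_202_45` uses `202-4.6`, and the first elements of `XSA_222_45` and `XSA_243_45` use `222-1-4.6` and `243-4.6-1`. That may be deliberate, since one advisory patch can cover several branches, but the file does not say so, and for a security fix the reader needs to know that the patch named is the one meant for the branch it is applied to. I would record the intent beside each such entry, e.g. `# 4.5 (no 4.5-specific file in the advisory; the 4.6 patch is the one that applies)`, once that has been confirmed against the advisory. The attribute names would also be easier to audit if the suffix were consistent: `XSA_190`, `XSA_192` and `XSA_193` are commented as 4.5-only yet lack the `_45` that `XSA_202_45` carries.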
@@ -0,0 +1,36 @@
+{ stdenv, lib, fetchFromGitHub, Hypervisor, vmnet, xpc, libobjc, zlib }:
+
+stdenv.mkDerivation rec {
+ pname = "xhyve";
+ version = "20191001";
+
+ src = fetchFromGitHub {
+ owner = "machyve";
+ repo = "xhyve";
+ rev = "1f46a3d0bbeb6c90883f302425844fcc3800a776";
+ sha256 = "0mm9xa0v6n7xl2qypnppq5abdncd31vffiklrhcrlni5ymyh9ia5";
+ };
+
+ buildInputs = [ Hypervisor vmnet xpc libobjc zlib ];
+
+ # Don't use git to determine version
+ prePatch = ''
+ substituteInPlace Makefile \
+ --replace 'shell git describe --abbrev=6 --dirty --always --tags' "$version"
+ '';
+
+
+ makeFlags = [ "CFLAGS+=-Wno-shift-sign-overflow" ''CFLAGS+=-DVERSION=\"${version}\"'' ];
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp build/xhyve $out/bin
+ '';
+
+ meta = {
+ description = "Lightweight Virtualization on macOS Based on bhyve";
+ homepage = "https://github.com/mist64/xhyve";
+ maintainers = [ lib.maintainers.lnl7 ];
+ platforms = lib.platforms.darwin;
+ };
+} |
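Review bot: `meta.homepage` names `https://github.com/mist64/xhyve`, but `src` is fetched with `owner = "machyve"`, so the page a reader would open to check the pinned `rev` is not the repository the build pulls from. If machyve is the intended upstream, make the two agree with `homepage = "https://github.com/machyve/xhyve";`. The `meta` set also has no `license` attribute; add the one that matches the LICENSE file in the fetched source so that license-based package filtering has something to evaluate.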